npm - codeslick-cli - Versions diffs - 1.0.0 - Mend

codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/dist/src/lib/security/severity-scoring.js ADDED Viewed

@@ -0,0 +1,965 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateSeverityScore = calculateSeverityScore;
+exports.getSeverityLabel = getSeverityLabel;
+exports.getSeverityColor = getSeverityColor;
+exports.sortBySeverity = sortBySeverity;
+/**
+ * Calculate CVSS-like score and severity level
+ *
+ * Score Ranges:
+ * - CRITICAL: 9.0-10.0 (Immediate exploit risk, data breach potential)
+ * - HIGH: 7.0-8.9 (Exploitable with moderate effort, significant impact)
+ * - MEDIUM: 4.0-6.9 (Requires specific conditions, moderate impact)
+ * - LOW: 1.0-3.9 (Limited impact, information disclosure)
+ */
+function calculateSeverityScore(vulnerabilityType, context) {
+    const baseScores = getBaseScore(vulnerabilityType);
+    // Adjust score based on context
+    let adjustedScore = baseScores.cvssScore;
+    if (context?.hasUserInput) {
+        adjustedScore += 0.5;
+    }
+    if (context?.isPublicFacing) {
+        adjustedScore += 0.5;
+    }
+    if (context?.containsSensitiveData) {
+        adjustedScore += 1.0;
+    }
+    // Cap at 10.0
+    adjustedScore = Math.min(adjustedScore, 10.0);
+    // Recalculate severity based on adjusted score
+    const severity = getSeverityFromScore(adjustedScore);
+    return {
+        ...baseScores,
+        cvssScore: adjustedScore,
+        severity,
+    };
+}
+/**
+ * Get base severity score for vulnerability type
+ */
+function getBaseScore(vulnerabilityType) {
+    const scoreMap = {
+        // CRITICAL (9.0-10.0) - Immediate exploitation, RCE, data breach
+        'sql-injection': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'nosql-injection': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'ssrf': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'command-injection': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'deserialization': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'eval-usage': {
+            severity: 'critical',
+            cvssScore: 9.3,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'hardcoded-credentials': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'hardcoded-database-credentials': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'hardcoded-aws-credentials': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'log4j-vulnerable-version': {
+            severity: 'critical',
+            cvssScore: 10.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'log4j-unsafe-logging': {
+            severity: 'critical',
+            cvssScore: 10.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // PHASE 6 (2025-11-21): Node.js/Express Security Checks
+        'nodejs-require-injection': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'nodejs-command-injection': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'log4j-jndi-pattern': {
+            severity: 'critical',
+            cvssScore: 10.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // DEC 16, 2025: Supply Chain - Dynamic require() (Check #87)
+        'dynamic-require-env-var': {
+            severity: 'critical',
+            cvssScore: 9.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // DEC 16, 2025 (Phase 11): Authentication Failures (Checks #88, #89, #90)
+        'plaintext-password-comparison': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'weak-token-generation': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'master-password-backdoor': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'fail-open-authorization': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'fail-open-authentication': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        // DEC 20, 2025 (Phase A P0): JWT Vulnerabilities (Checks #3, #4)
+        'jwt-none-algorithm': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'jwt-decode-authentication': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'jwt-weak-secret': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        // DEC 20, 2025 (Phase B): Template Injection (Check #11)
+        'ssti': {
+            severity: 'critical',
+            cvssScore: 9.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // DEC 16, 2025: Information Disclosure - Direct stack exposure (Check #86 variant)
+        'direct-stack-exposure': {
+            severity: 'high',
+            cvssScore: 7.0,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        // PHASE 6 (2025-11-23): Django/Flask Security Checks - CRITICAL
+        'django-orm-sql-injection': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'django-debug-true': {
+            severity: 'critical',
+            cvssScore: 9.3,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        'django-weak-secret-key': {
+            severity: 'critical',
+            cvssScore: 9.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'flask-debug-mode': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'ai-generated-code-high': {
+            severity: 'critical',
+            cvssScore: 8.5,
+            exploitLikelihood: 'high',
+            impact: 'code-integrity',
+        },
+        // HIGH (7.0-8.9) - Exploitable with moderate effort
+        'xss': {
+            severity: 'high',
+            cvssScore: 8.2,
+            exploitLikelihood: 'high',
+            impact: 'xss',
+        },
+        'xxe': {
+            severity: 'high',
+            cvssScore: 8.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'path-traversal': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        'ldap-injection': {
+            severity: 'high',
+            cvssScore: 8.8,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'redis-injection': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        'xpath-injection': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'medium',
+            impact: 'data-breach',
+        },
+        'prototype-pollution': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'privilege-escalation',
+        },
+        'unsafe-yaml-load': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        'unsafe-pickle': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        'unsafe-reflection': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        'file-upload-no-validation': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'log4j-missing-protection': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // PHASE 6 (2025-11-21): Node.js/Express Security Checks - HIGH
+        'nodejs-path-traversal': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'data-breach',
+        },
+        'nodejs-unsafe-request-params': {
+            severity: 'high',
+            cvssScore: 7.3,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // PHASE 6 (2025-11-23): Django/Flask Security Checks - HIGH
+        'django-csrf-exempt': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'django-mark-safe-xss': {
+            severity: 'high',
+            cvssScore: 7.4,
+            exploitLikelihood: 'high',
+            impact: 'xss',
+        },
+        // DEC 16, 2025: TypeScript Security Checks (Check #85, #86)
+        'idor-no-authorization': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'stack-trace-exposure': {
+            severity: 'high',
+            cvssScore: 7.0,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'ai-generated-code-medium': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'medium',
+            impact: 'code-integrity',
+        },
+        // MEDIUM (4.0-6.9) - Moderate impact, requires specific conditions
+        'spring-missing-method-security': {
+            severity: 'medium',
+            cvssScore: 6.5,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        // PHASE 6 (2025-11-21): Node.js/Express Security Checks - MEDIUM
+        'nodejs-missing-helmet': {
+            severity: 'medium',
+            cvssScore: 5.0,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        // DEC 20, 2025 (Phase B): Helmet Misconfiguration (Check #10)
+        'helmet-misconfiguration': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'xss',
+        },
+        // DEC 20, 2025 (Phase B): Missing CSRF Protection (Check #11)
+        'missing-csrf-protection': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        // DEC 20, 2025 (Phase B): Missing SameSite Cookie Attribute (Check #11)
+        'missing-samesite-cookie': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        // DEC 20, 2025 (Phase B): Weak Encryption - AES-ECB Mode (Check #12)
+        'weak-encryption-ecb': {
+            severity: 'high',
+            cvssScore: 8.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // DEC 20, 2025 (Phase B): Deprecated crypto.createCipher (Check #12)
+        'deprecated-createcipher': {
+            severity: 'high',
+            cvssScore: 8.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // DEC 20, 2025 (Phase B): Insecure TLS - rejectUnauthorized: false (Check #13)
+        'insecure-tls-reject-unauthorized': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // DEC 20, 2025 (Phase B): Insecure TLS Version (Check #13)
+        'insecure-tls-version': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // DEC 20, 2025 (Phase B): NODE_TLS_REJECT_UNAUTHORIZED=0 (Check #13)
+        'node-tls-reject-unauthorized': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // DEC 25, 2025: OWASP A10:2025 - Exception Handling (Phase 7B Day 9)
+        'unhandled-promise-rejection': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'dos',
+        },
+        'error-object-exposure': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        'error-details-exposed': {
+            severity: 'medium',
+            cvssScore: 5.5,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'async-without-try-catch': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'medium',
+            impact: 'dos',
+        },
+        // DEC 25, 2025: Java A06:2025 - Insecure Design (Phase 7B Day 9)
+        'missing-input-validation': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'direct-database-query': {
+            severity: 'medium',
+            cvssScore: 6.1,
+            exploitLikelihood: 'medium',
+            impact: 'privilege-escalation',
+        },
+        // DEC 25, 2025: Java A09:2025 - Logging Failures (Phase 7B Day 9)
+        'missing-security-logging': {
+            severity: 'medium',
+            cvssScore: 5.9,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'system-out-println': {
+            severity: 'low',
+            cvssScore: 3.1,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        // DEC 23, 2025: OWASP A03:2025 - Supply Chain (HIGH)
+        'dynamic-import-no-integrity': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'suspicious-package-pattern': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // HIGH (7.0-8.9) - Significant risk
+        'weak-random': {
+            severity: 'high',
+            cvssScore: 7.2,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'weak-encryption-des': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'weak-hash-md5': {
+            severity: 'medium',
+            cvssScore: 5.9,
+            exploitLikelihood: 'low',
+            impact: 'data-breach',
+        },
+        'weak-hash-sha1': {
+            severity: 'medium',
+            cvssScore: 5.9,
+            exploitLikelihood: 'low',
+            impact: 'data-breach',
+        },
+        'ecb-mode-encryption': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'low',
+            impact: 'data-breach',
+        },
+        'insecure-storage': {
+            severity: 'medium',
+            cvssScore: 4.3,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'regex-dos': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'medium',
+            impact: 'dos',
+        },
+        'document-write': {
+            severity: 'medium',
+            cvssScore: 4.3,
+            exploitLikelihood: 'low',
+            impact: 'xss',
+        },
+        'function-constructor': {
+            severity: 'medium',
+            cvssScore: 6.1,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        'settimeout-string': {
+            severity: 'medium',
+            cvssScore: 4.3,
+            exploitLikelihood: 'low',
+            impact: 'xss',
+        },
+        // DEC 23, 2025: OWASP A10:2025 - Exception Handling (MEDIUM)
+        'empty-catch-block': {
+            severity: 'medium',
+            cvssScore: 5.0,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'ignored-exception': {
+            severity: 'medium',
+            cvssScore: 5.0,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'missing-resource-cleanup': {
+            severity: 'medium',
+            cvssScore: 5.0,
+            exploitLikelihood: 'medium',
+            impact: 'dos',
+        },
+        // DEC 23, 2025: OWASP A03:2025 - Supply Chain (MEDIUM)
+        'runtime-dependency-loading': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'unrestricted-cdn-usage': {
+            severity: 'medium',
+            cvssScore: 5.0,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        // DEC 24, 2025: Python A10:2025 - Exception Handling (HIGH)
+        'bare-except-clause': {
+            severity: 'high',
+            cvssScore: 7.0,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        'exception-details-exposed': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        // DEC 24, 2025: Python A10:2025 - Exception Handling (MEDIUM)
+        'silent-exception-suppression': {
+            severity: 'medium',
+            cvssScore: 5.5,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'incorrect-exception-pattern': {
+            severity: 'medium',
+            cvssScore: 5.0,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        // DEC 24, 2025: Python A03:2025 - Supply Chain (HIGH)
+        'dynamic-import-no-validation': {
+            severity: 'high',
+            cvssScore: 8.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'runtime-package-installation': {
+            severity: 'high',
+            cvssScore: 8.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'untrusted-package-source': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // DEC 24, 2025: Python A03:2025 - Supply Chain (MEDIUM)
+        'package-typosquatting-pattern': {
+            severity: 'medium',
+            cvssScore: 6.0,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        // DEC 24, 2025: Python A01:2025 - Broken Access Control (HIGH)
+        'missing-authentication-decorator': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'insecure-direct-object-reference': {
+            severity: 'high',
+            cvssScore: 8.2,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        // DEC 24, 2025: Python A04:2025 - Cryptographic Failures (HIGH)
+        'weak-crypto-algorithm': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'insecure-random': {
+            severity: 'high',
+            cvssScore: 7.8,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        // DEC 24, 2025: Python A06:2025 - Insecure Design (HIGH)
+        'missing-rate-limiting': {
+            severity: 'high',
+            cvssScore: 7.3,
+            exploitLikelihood: 'high',
+            impact: 'dos',
+        },
+        'mass-assignment': {
+            severity: 'high',
+            cvssScore: 8.0,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        // DEC 24, 2025: Python A09:2025 - Logging Failures
+        'sensitive-data-logging': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        // DEC 24, 2025: Python A08:2025 - Software and Data Integrity Failures (CRITICAL)
+        'insecure-deserialization': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // DEC 25, 2025: Java A10:2025 - Exception Handling (Phase 7B Day 6)
+        'broad-exception-catching': {
+            severity: 'high',
+            cvssScore: 7.2,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        'printstacktrace-usage': {
+            severity: 'high',
+            cvssScore: 7.0,
+            exploitLikelihood: 'high',
+            impact: 'info-disclosure',
+        },
+        'swallowed-interrupted-exception': {
+            severity: 'medium',
+            cvssScore: 5.8,
+            exploitLikelihood: 'medium',
+            impact: 'dos',
+        },
+        // DEC 25, 2025: Java A03:2025 - Supply Chain Security (Phase 7B Day 7)
+        'dynamic-class-loading': {
+            severity: 'critical',
+            cvssScore: 9.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'insecure-maven-repository': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'package-typosquatting': {
+            severity: 'critical',
+            cvssScore: 9.0,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'unsigned-jar-usage': {
+            severity: 'high',
+            cvssScore: 7.2,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'dependency-confusion': {
+            severity: 'high',
+            cvssScore: 7.8,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        'runtime-bytecode-loading': {
+            severity: 'critical',
+            cvssScore: 9.5,
+            exploitLikelihood: 'high',
+            impact: 'rce',
+        },
+        // DEC 25, 2025: Java A01:2025 - Access Control (Phase 7B Day 8)
+        'missing-authorization': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'hardcoded-roles': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        // DEC 25, 2025: JavaScript/TypeScript A01:2025 - Access Control (Phase 7B Day 11)
+        'missing-authentication-middleware': {
+            severity: 'high',
+            cvssScore: 8.1,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'client-side-authorization': {
+            severity: 'high',
+            cvssScore: 7.5,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        // DEC 25, 2025: JavaScript/TypeScript A07:2025 - Authentication Failures (Phase 7B Day 11)
+        'missing-mfa': {
+            severity: 'medium',
+            cvssScore: 6.5,
+            exploitLikelihood: 'high',
+            impact: 'authentication-bypass',
+        },
+        'no-rate-limiting': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'high',
+            impact: 'dos',
+        },
+        // DEC 25, 2025: Java A04:2025 - Cryptographic Failures (Phase 7B Day 8)
+        'weak-cipher-rc4': {
+            severity: 'high',
+            cvssScore: 7.4,
+            exploitLikelihood: 'high',
+            impact: 'data-breach',
+        },
+        'assert-security': {
+            severity: 'medium',
+            cvssScore: 4.3,
+            exploitLikelihood: 'low',
+            impact: 'privilege-escalation',
+        },
+        'input-no-validation': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'medium',
+            impact: 'info-disclosure',
+        },
+        // PHASE 6 (2025-11-23): Django/Flask Security Checks - MEDIUM
+        'django-missing-login-required': {
+            severity: 'medium',
+            cvssScore: 6.5,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'flask-missing-csrf': {
+            severity: 'medium',
+            cvssScore: 6.1,
+            exploitLikelihood: 'high',
+            impact: 'privilege-escalation',
+        },
+        'flask-ssti': {
+            severity: 'medium',
+            cvssScore: 6.5,
+            exploitLikelihood: 'medium',
+            impact: 'rce',
+        },
+        'flask-markup-xss': {
+            severity: 'medium',
+            cvssScore: 5.4,
+            exploitLikelihood: 'medium',
+            impact: 'xss',
+        },
+        'flask-weak-secret-key': {
+            severity: 'medium',
+            cvssScore: 5.3,
+            exploitLikelihood: 'medium',
+            impact: 'authentication-bypass',
+        },
+        'ai-generated-code-low': {
+            severity: 'medium',
+            cvssScore: 5.5,
+            exploitLikelihood: 'low',
+            impact: 'code-quality',
+        },
+        // LOW (1.0-3.9) - Limited impact, information disclosure
+        // CODE QUALITY (0.0) - Not security vulnerabilities (Dec 16, 2025 - Phase 11)
+        'any-type-usage': {
+            severity: 'low',
+            cvssScore: 0.0,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'console-log': {
+            severity: 'low',
+            cvssScore: 2.6,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'print-statement': {
+            severity: 'low',
+            cvssScore: 2.6,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'printstacktrace': {
+            severity: 'low',
+            cvssScore: 3.7,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'empty-except': {
+            severity: 'low',
+            cvssScore: 3.1,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'missing-error-handling': {
+            severity: 'low',
+            cvssScore: 3.1,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'generic-exception-catch': {
+            severity: 'low',
+            cvssScore: 3.1,
+            exploitLikelihood: 'low',
+            impact: 'info-disclosure',
+        },
+        'null-pointer-unhandled': {
+            severity: 'low',
+            cvssScore: 2.6,
+            exploitLikelihood: 'low',
+            impact: 'dos',
+        },
+    };
+    return scoreMap[vulnerabilityType] || {
+        severity: 'medium',
+        cvssScore: 5.0,
+        exploitLikelihood: 'medium',
+        impact: 'info-disclosure',
+    };
+}
+/**
+ * Get severity level from CVSS score
+ */
+function getSeverityFromScore(score) {
+    if (score >= 9.0)
+        return 'critical';
+    if (score >= 7.0)
+        return 'high';
+    if (score >= 4.0)
+        return 'medium';
+    return 'low';
+}
+/**
+ * Get severity label for display
+ */
+function getSeverityLabel(severity) {
+    const labels = {
+        critical: 'CRITICAL',
+        high: 'HIGH',
+        medium: 'MEDIUM',
+        low: 'LOW',
+    };
+    return labels[severity];
+}
+/**
+ * Get severity color for UI
+ */
+function getSeverityColor(severity) {
+    const colors = {
+        critical: {
+            bg: 'bg-red-100',
+            text: 'text-red-900',
+            border: 'border-red-500',
+        },
+        high: {
+            bg: 'bg-orange-100',
+            text: 'text-orange-900',
+            border: 'border-orange-500',
+        },
+        medium: {
+            bg: 'bg-yellow-100',
+            text: 'text-yellow-900',
+            border: 'border-yellow-500',
+        },
+        low: {
+            bg: 'bg-gray-100',
+            text: 'text-gray-700',
+            border: 'border-gray-400',
+        },
+    };
+    return colors[severity];
+}
+/**
+ * Sort security issues by severity (critical first)
+ */
+function sortBySeverity(issues) {
+    const severityOrder = {
+        critical: 4,
+        high: 3,
+        medium: 2,
+        low: 1,
+    };
+    return [...issues].sort((a, b) => {
+        // First sort by severity level
+        const severityDiff = severityOrder[b.severity] - severityOrder[a.severity];
+        if (severityDiff !== 0)
+            return severityDiff;
+        // Then by CVSS score if available
+        if (a.cvssScore && b.cvssScore) {
+            return b.cvssScore - a.cvssScore;
+        }
+        return 0;
+    });
+}
+//# sourceMappingURL=severity-scoring.js.map