supasec 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Feature-List.md +233 -0
- package/README.md +53 -12
- package/dist/cli.js +2 -0
- package/dist/cli.js.map +1 -1
- package/dist/commands/index.d.ts +1 -0
- package/dist/commands/index.d.ts.map +1 -1
- package/dist/commands/index.js +1 -0
- package/dist/commands/index.js.map +1 -1
- package/dist/commands/scan.d.ts.map +1 -1
- package/dist/commands/scan.js +74 -18
- package/dist/commands/scan.js.map +1 -1
- package/dist/commands/snapshot.d.ts +32 -0
- package/dist/commands/snapshot.d.ts.map +1 -0
- package/dist/commands/snapshot.js +282 -0
- package/dist/commands/snapshot.js.map +1 -0
- package/dist/reporters/html.d.ts +3 -2
- package/dist/reporters/html.d.ts.map +1 -1
- package/dist/reporters/html.js +844 -538
- package/dist/reporters/html.js.map +1 -1
- package/dist/reporters/terminal.d.ts +38 -2
- package/dist/reporters/terminal.d.ts.map +1 -1
- package/dist/reporters/terminal.js +292 -131
- package/dist/reporters/terminal.js.map +1 -1
- package/dist/scanners/auth/analyzer.d.ts +40 -0
- package/dist/scanners/auth/analyzer.d.ts.map +1 -0
- package/dist/scanners/auth/analyzer.js +673 -0
- package/dist/scanners/auth/analyzer.js.map +1 -0
- package/dist/scanners/auth/index.d.ts +6 -0
- package/dist/scanners/auth/index.d.ts.map +1 -0
- package/dist/scanners/auth/index.js +22 -0
- package/dist/scanners/auth/index.js.map +1 -0
- package/dist/scanners/edge/analyzer.d.ts +35 -0
- package/dist/scanners/edge/analyzer.d.ts.map +1 -0
- package/dist/scanners/edge/analyzer.js +614 -0
- package/dist/scanners/edge/analyzer.js.map +1 -0
- package/dist/scanners/edge/index.d.ts +6 -0
- package/dist/scanners/edge/index.d.ts.map +1 -0
- package/dist/scanners/edge/index.js +22 -0
- package/dist/scanners/edge/index.js.map +1 -0
- package/dist/scanners/functions/analyzer.d.ts +41 -0
- package/dist/scanners/functions/analyzer.d.ts.map +1 -0
- package/dist/scanners/functions/analyzer.js +378 -0
- package/dist/scanners/functions/analyzer.js.map +1 -0
- package/dist/scanners/functions/index.d.ts +6 -0
- package/dist/scanners/functions/index.d.ts.map +1 -0
- package/dist/scanners/functions/index.js +22 -0
- package/dist/scanners/functions/index.js.map +1 -0
- package/dist/scanners/git/index.d.ts +6 -0
- package/dist/scanners/git/index.d.ts.map +1 -0
- package/dist/scanners/git/index.js +22 -0
- package/dist/scanners/git/index.js.map +1 -0
- package/dist/scanners/git/scanner.d.ts +22 -0
- package/dist/scanners/git/scanner.d.ts.map +1 -0
- package/dist/scanners/git/scanner.js +531 -0
- package/dist/scanners/git/scanner.js.map +1 -0
- package/dist/scanners/https/analyzer.d.ts +42 -0
- package/dist/scanners/https/analyzer.d.ts.map +1 -0
- package/dist/scanners/https/analyzer.js +470 -0
- package/dist/scanners/https/analyzer.js.map +1 -0
- package/dist/scanners/https/index.d.ts +8 -0
- package/dist/scanners/https/index.d.ts.map +1 -0
- package/dist/scanners/https/index.js +17 -0
- package/dist/scanners/https/index.js.map +1 -0
- package/dist/scanners/index.d.ts +6 -0
- package/dist/scanners/index.d.ts.map +1 -1
- package/dist/scanners/index.js +6 -0
- package/dist/scanners/index.js.map +1 -1
- package/dist/scanners/rls/fuzzer.d.ts +40 -0
- package/dist/scanners/rls/fuzzer.d.ts.map +1 -0
- package/dist/scanners/rls/fuzzer.js +360 -0
- package/dist/scanners/rls/fuzzer.js.map +1 -0
- package/dist/scanners/rls/index.d.ts +1 -0
- package/dist/scanners/rls/index.d.ts.map +1 -1
- package/dist/scanners/rls/index.js +1 -0
- package/dist/scanners/rls/index.js.map +1 -1
- package/dist/scanners/secrets/detector.d.ts.map +1 -1
- package/dist/scanners/secrets/detector.js +44 -12
- package/dist/scanners/secrets/detector.js.map +1 -1
- package/dist/scanners/secrets/index.d.ts +1 -0
- package/dist/scanners/secrets/index.d.ts.map +1 -1
- package/dist/scanners/secrets/index.js +4 -0
- package/dist/scanners/secrets/index.js.map +1 -1
- package/dist/scanners/secrets/patterns.d.ts +25 -0
- package/dist/scanners/secrets/patterns.d.ts.map +1 -1
- package/dist/scanners/secrets/patterns.js +138 -27
- package/dist/scanners/secrets/patterns.js.map +1 -1
- package/dist/scanners/storage/analyzer.d.ts +49 -0
- package/dist/scanners/storage/analyzer.d.ts.map +1 -0
- package/dist/scanners/storage/analyzer.js +438 -0
- package/dist/scanners/storage/analyzer.js.map +1 -0
- package/dist/scanners/storage/index.d.ts +6 -0
- package/dist/scanners/storage/index.d.ts.map +1 -0
- package/dist/scanners/storage/index.js +22 -0
- package/dist/scanners/storage/index.js.map +1 -0
- package/package.json +1 -1
- package/reports/supasec-audityour-app-2026-01-28-19-42-22.html +757 -0
- package/reports/supasec-audityour-app-2026-01-28-19-49-18.html +1122 -0
|
@@ -0,0 +1,470 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* HTTPS/TLS Security Analyzer
|
|
4
|
+
*
|
|
5
|
+
* Performs real HTTPS enforcement checks:
|
|
6
|
+
* - Verifies HTTPS is actually used
|
|
7
|
+
* - Checks TLS version and cipher suites
|
|
8
|
+
* - Tests for HSTS headers
|
|
9
|
+
* - Detects mixed content
|
|
10
|
+
* - Checks certificate details
|
|
11
|
+
*/
|
|
12
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
13
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
14
|
+
};
|
|
15
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
+
exports.analyzeHTTPS = analyzeHTTPS;
|
|
17
|
+
exports.checkMixedContent = checkMixedContent;
|
|
18
|
+
const axios_1 = __importDefault(require("axios"));
|
|
19
|
+
/**
|
|
20
|
+
* Analyze HTTPS/TLS configuration for a target URL
|
|
21
|
+
*/
|
|
22
|
+
async function analyzeHTTPS(targetUrl) {
|
|
23
|
+
const findings = [];
|
|
24
|
+
const passedChecks = [];
|
|
25
|
+
const httpsInfo = {
|
|
26
|
+
httpsEnabled: false,
|
|
27
|
+
tlsVersion: null,
|
|
28
|
+
hstsEnabled: false,
|
|
29
|
+
hstsMaxAge: null,
|
|
30
|
+
mixedContent: false,
|
|
31
|
+
certificateValid: false,
|
|
32
|
+
certificateExpiry: null,
|
|
33
|
+
cipherSuites: [],
|
|
34
|
+
vulnerabilities: []
|
|
35
|
+
};
|
|
36
|
+
try {
|
|
37
|
+
// Parse the URL
|
|
38
|
+
const url = new URL(targetUrl);
|
|
39
|
+
void url.hostname; // Used in checks below
|
|
40
|
+
// Check 1: Verify HTTPS is being used
|
|
41
|
+
if (url.protocol !== 'https:') {
|
|
42
|
+
findings.push(createFinding({
|
|
43
|
+
finding_id: 'SEC-HTTPS-001',
|
|
44
|
+
title: 'HTTPS Not Enforced',
|
|
45
|
+
description: `Target URL is using HTTP instead of HTTPS. All connections should use HTTPS to ensure data encryption in transit.`,
|
|
46
|
+
severity: 'CRITICAL',
|
|
47
|
+
category: 'transport',
|
|
48
|
+
subcategory: 'protocol',
|
|
49
|
+
remediation_summary: 'Configure your server to redirect all HTTP traffic to HTTPS. Enable HTTPS-only mode in your hosting provider or web server configuration.',
|
|
50
|
+
location: { url: targetUrl },
|
|
51
|
+
evidence: { code_snippet: `URL: ${targetUrl}` },
|
|
52
|
+
references: [
|
|
53
|
+
{ title: 'OWASP Transport Layer Protection', url: 'https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html' },
|
|
54
|
+
{ title: 'Mozilla SSL Configuration Generator', url: 'https://ssl-config.mozilla.org/' }
|
|
55
|
+
],
|
|
56
|
+
compliance_violations: ['OWASP-ASVS-V9.1.1', 'PCI-DSS-4.1']
|
|
57
|
+
}));
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
httpsInfo.httpsEnabled = true;
|
|
61
|
+
}
|
|
62
|
+
// Check 2: Test HTTP to HTTPS redirect
|
|
63
|
+
const httpUrl = targetUrl.replace('https://', 'http://');
|
|
64
|
+
try {
|
|
65
|
+
const httpResponse = await axios_1.default.get(httpUrl, {
|
|
66
|
+
timeout: 10000,
|
|
67
|
+
maxRedirects: 0,
|
|
68
|
+
validateStatus: () => true
|
|
69
|
+
});
|
|
70
|
+
// Check if HTTP redirects to HTTPS (301, 302, 307, 308)
|
|
71
|
+
const redirectStatus = [301, 302, 307, 308];
|
|
72
|
+
const locationHeader = httpResponse.headers['location'];
|
|
73
|
+
if (!redirectStatus.includes(httpResponse.status) || !locationHeader?.startsWith('https://')) {
|
|
74
|
+
findings.push(createFinding({
|
|
75
|
+
finding_id: 'SEC-HTTPS-002',
|
|
76
|
+
title: 'HTTP to HTTPS Redirect Missing',
|
|
77
|
+
description: 'HTTP requests are not being redirected to HTTPS. This allows users to accidentally use insecure connections.',
|
|
78
|
+
severity: 'HIGH',
|
|
79
|
+
category: 'transport',
|
|
80
|
+
subcategory: 'redirect',
|
|
81
|
+
remediation_summary: 'Configure your web server to return a 301 or 308 redirect for all HTTP requests to their HTTPS equivalents.',
|
|
82
|
+
location: { url: httpUrl },
|
|
83
|
+
evidence: { code_snippet: `HTTP Response: ${httpResponse.status}` },
|
|
84
|
+
references: [
|
|
85
|
+
{ title: 'OWASP HTTP Strict Transport Security', url: 'https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html' }
|
|
86
|
+
],
|
|
87
|
+
compliance_violations: ['OWASP-ASVS-V9.1.2']
|
|
88
|
+
}));
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
catch (error) {
|
|
92
|
+
// HTTP might not be accessible at all, which is actually good
|
|
93
|
+
// but we should note it
|
|
94
|
+
}
|
|
95
|
+
// Check 3: Analyze HTTPS response headers
|
|
96
|
+
try {
|
|
97
|
+
const httpsResponse = await axios_1.default.get(targetUrl, {
|
|
98
|
+
timeout: 15000,
|
|
99
|
+
maxRedirects: 5,
|
|
100
|
+
validateStatus: () => true
|
|
101
|
+
});
|
|
102
|
+
const headers = httpsResponse.headers;
|
|
103
|
+
// Check HSTS (HTTP Strict Transport Security)
|
|
104
|
+
const hstsHeader = headers['strict-transport-security'];
|
|
105
|
+
if (!hstsHeader) {
|
|
106
|
+
findings.push(createFinding({
|
|
107
|
+
finding_id: 'SEC-HTTPS-003',
|
|
108
|
+
title: 'HSTS Header Missing',
|
|
109
|
+
description: 'HTTP Strict Transport Security (HSTS) header is not set. This allows SSL stripping attacks where an attacker forces the connection to use HTTP.',
|
|
110
|
+
severity: 'HIGH',
|
|
111
|
+
category: 'transport',
|
|
112
|
+
subcategory: 'hsts',
|
|
113
|
+
remediation_summary: 'Add the Strict-Transport-Security header with a max-age of at least 31536000 seconds (1 year) and includeSubDomains directive.',
|
|
114
|
+
location: { url: targetUrl },
|
|
115
|
+
evidence: { code_snippet: 'Header missing: Strict-Transport-Security' },
|
|
116
|
+
references: [
|
|
117
|
+
{ title: 'MDN HSTS Documentation', url: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security' },
|
|
118
|
+
{ title: 'OWASP HSTS Cheat Sheet', url: 'https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html' }
|
|
119
|
+
],
|
|
120
|
+
compliance_violations: ['OWASP-ASVS-V9.1.3']
|
|
121
|
+
}));
|
|
122
|
+
}
|
|
123
|
+
else {
|
|
124
|
+
httpsInfo.hstsEnabled = true;
|
|
125
|
+
// Parse HSTS max-age
|
|
126
|
+
const maxAgeMatch = hstsHeader.match(/max-age=(\d+)/);
|
|
127
|
+
if (maxAgeMatch) {
|
|
128
|
+
httpsInfo.hstsMaxAge = parseInt(maxAgeMatch[1], 10);
|
|
129
|
+
// Check if max-age is too short
|
|
130
|
+
if (httpsInfo.hstsMaxAge < 2592000) { // Less than 30 days
|
|
131
|
+
findings.push(createFinding({
|
|
132
|
+
finding_id: 'SEC-HTTPS-004',
|
|
133
|
+
title: 'HSTS Max-Age Too Short',
|
|
134
|
+
description: `HSTS max-age is set to ${httpsInfo.hstsMaxAge} seconds (${Math.round(httpsInfo.hstsMaxAge / 86400)} days). This is less than the recommended 30 days minimum.`,
|
|
135
|
+
severity: 'MEDIUM',
|
|
136
|
+
category: 'transport',
|
|
137
|
+
subcategory: 'hsts',
|
|
138
|
+
remediation_summary: 'Increase the HSTS max-age to at least 2592000 seconds (30 days), preferably 31536000 seconds (1 year).',
|
|
139
|
+
location: { url: targetUrl },
|
|
140
|
+
evidence: { code_snippet: `Strict-Transport-Security: ${hstsHeader}` },
|
|
141
|
+
references: [
|
|
142
|
+
{ title: 'HSTS Preload Requirements', url: 'https://hstspreload.org/' }
|
|
143
|
+
],
|
|
144
|
+
compliance_violations: ['OWASP-ASVS-V9.1.3']
|
|
145
|
+
}));
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
// Check for preload directive
|
|
149
|
+
if (!hstsHeader.includes('preload')) {
|
|
150
|
+
findings.push(createFinding({
|
|
151
|
+
finding_id: 'SEC-HTTPS-005',
|
|
152
|
+
title: 'HSTS Preload Not Enabled',
|
|
153
|
+
description: 'HSTS header does not include the preload directive. Enabling preload ensures browsers always use HTTPS for your domain.',
|
|
154
|
+
severity: 'LOW',
|
|
155
|
+
category: 'transport',
|
|
156
|
+
subcategory: 'hsts',
|
|
157
|
+
remediation_summary: 'Add "preload" to your HSTS header and submit your domain to hstspreload.org after thorough testing.',
|
|
158
|
+
location: { url: targetUrl },
|
|
159
|
+
evidence: { code_snippet: `Strict-Transport-Security: ${hstsHeader}` },
|
|
160
|
+
references: [
|
|
161
|
+
{ title: 'HSTS Preload Submission', url: 'https://hstspreload.org/' }
|
|
162
|
+
]
|
|
163
|
+
}));
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
// Check for insecure content security
|
|
167
|
+
const cspHeader = headers['content-security-policy'];
|
|
168
|
+
if (cspHeader) {
|
|
169
|
+
// Check for mixed content in CSP
|
|
170
|
+
if (!cspHeader.includes('block-all-mixed-content') && !cspHeader.includes('upgrade-insecure-requests')) {
|
|
171
|
+
findings.push(createFinding({
|
|
172
|
+
finding_id: 'SEC-HTTPS-006',
|
|
173
|
+
title: 'CSP Mixed Content Protection Missing',
|
|
174
|
+
description: 'Content Security Policy does not include directives to prevent mixed content (HTTP resources on HTTPS pages).',
|
|
175
|
+
severity: 'MEDIUM',
|
|
176
|
+
category: 'transport',
|
|
177
|
+
subcategory: 'csp',
|
|
178
|
+
remediation_summary: 'Add "block-all-mixed-content" or "upgrade-insecure-requests" to your Content-Security-Policy header.',
|
|
179
|
+
location: { url: targetUrl },
|
|
180
|
+
evidence: { code_snippet: `Content-Security-Policy: ${cspHeader.substring(0, 100)}...` },
|
|
181
|
+
references: [
|
|
182
|
+
{ title: 'MDN CSP Mixed Content', url: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content' }
|
|
183
|
+
]
|
|
184
|
+
}));
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
// Check for X-Forwarded-Proto issues
|
|
188
|
+
const xfpHeader = headers['x-forwarded-proto'];
|
|
189
|
+
if (xfpHeader && xfpHeader === 'http') {
|
|
190
|
+
findings.push(createFinding({
|
|
191
|
+
finding_id: 'SEC-HTTPS-007',
|
|
192
|
+
title: 'X-Forwarded-Proto Indicates HTTP',
|
|
193
|
+
description: 'The X-Forwarded-Proto header indicates the original request was HTTP, which may indicate improper HTTPS termination or proxy configuration.',
|
|
194
|
+
severity: 'MEDIUM',
|
|
195
|
+
category: 'transport',
|
|
196
|
+
subcategory: 'proxy',
|
|
197
|
+
remediation_summary: 'Ensure your load balancer or proxy correctly sets X-Forwarded-Proto to "https" for HTTPS requests.',
|
|
198
|
+
location: { url: targetUrl },
|
|
199
|
+
evidence: { code_snippet: `X-Forwarded-Proto: ${xfpHeader}` }
|
|
200
|
+
}));
|
|
201
|
+
}
|
|
202
|
+
// Check for insecure cookies
|
|
203
|
+
const setCookieHeader = headers['set-cookie'];
|
|
204
|
+
if (setCookieHeader && Array.isArray(setCookieHeader)) {
|
|
205
|
+
for (const cookie of setCookieHeader) {
|
|
206
|
+
if (!cookie.toLowerCase().includes('secure')) {
|
|
207
|
+
findings.push(createFinding({
|
|
208
|
+
finding_id: 'SEC-HTTPS-008',
|
|
209
|
+
title: 'Insecure Cookie (Missing Secure Flag)',
|
|
210
|
+
description: 'A cookie is being set without the Secure flag, allowing it to be transmitted over HTTP connections.',
|
|
211
|
+
severity: 'HIGH',
|
|
212
|
+
category: 'transport',
|
|
213
|
+
subcategory: 'cookies',
|
|
214
|
+
remediation_summary: 'Add the Secure flag to all cookies that should only be transmitted over HTTPS.',
|
|
215
|
+
location: { url: targetUrl },
|
|
216
|
+
evidence: { code_snippet: `Set-Cookie: ${cookie.substring(0, 100)}...` },
|
|
217
|
+
references: [
|
|
218
|
+
{ title: 'OWASP Secure Cookie Flag', url: 'https://owasp.org/www-community/controls/SecureCookieAttribute' }
|
|
219
|
+
],
|
|
220
|
+
compliance_violations: ['OWASP-ASVS-V3.4.1']
|
|
221
|
+
}));
|
|
222
|
+
}
|
|
223
|
+
if (!cookie.toLowerCase().includes('httponly')) {
|
|
224
|
+
findings.push(createFinding({
|
|
225
|
+
finding_id: 'SEC-HTTPS-009',
|
|
226
|
+
title: 'Cookie Missing HttpOnly Flag',
|
|
227
|
+
description: 'A cookie is being set without the HttpOnly flag, making it accessible to JavaScript and vulnerable to XSS attacks.',
|
|
228
|
+
severity: 'MEDIUM',
|
|
229
|
+
category: 'transport',
|
|
230
|
+
subcategory: 'cookies',
|
|
231
|
+
remediation_summary: 'Add the HttpOnly flag to cookies that don\'t need to be accessed by JavaScript.',
|
|
232
|
+
location: { url: targetUrl },
|
|
233
|
+
evidence: { code_snippet: `Set-Cookie: ${cookie.substring(0, 100)}...` },
|
|
234
|
+
references: [
|
|
235
|
+
{ title: 'OWASP HttpOnly Cookie Flag', url: 'https://owasp.org/www-community/HttpOnly' }
|
|
236
|
+
]
|
|
237
|
+
}));
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
// Check for referrer policy
|
|
242
|
+
const referrerPolicy = headers['referrer-policy'];
|
|
243
|
+
if (!referrerPolicy || referrerPolicy === 'unsafe-url') {
|
|
244
|
+
findings.push(createFinding({
|
|
245
|
+
finding_id: 'SEC-HTTPS-010',
|
|
246
|
+
title: 'Weak Referrer Policy',
|
|
247
|
+
description: referrerPolicy
|
|
248
|
+
? 'Referrer-Policy is set to "unsafe-url" which sends full URLs including sensitive query parameters to all destinations.'
|
|
249
|
+
: 'Referrer-Policy header is missing, which may leak sensitive information in the Referer header.',
|
|
250
|
+
severity: 'LOW',
|
|
251
|
+
category: 'transport',
|
|
252
|
+
subcategory: 'headers',
|
|
253
|
+
remediation_summary: 'Set Referrer-Policy to "strict-origin-when-cross-origin" or "no-referrer-when-downgrade" to prevent information leakage.',
|
|
254
|
+
location: { url: targetUrl },
|
|
255
|
+
evidence: { code_snippet: referrerPolicy ? `Referrer-Policy: ${referrerPolicy}` : 'Header missing' },
|
|
256
|
+
references: [
|
|
257
|
+
{ title: 'MDN Referrer-Policy', url: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy' }
|
|
258
|
+
]
|
|
259
|
+
}));
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
catch (error) {
|
|
263
|
+
findings.push(createFinding({
|
|
264
|
+
finding_id: 'SEC-HTTPS-ERR',
|
|
265
|
+
title: 'HTTPS Connection Error',
|
|
266
|
+
description: `Failed to establish HTTPS connection: ${error instanceof Error ? error.message : 'Unknown error'}`,
|
|
267
|
+
severity: 'HIGH',
|
|
268
|
+
category: 'transport',
|
|
269
|
+
subcategory: 'connection',
|
|
270
|
+
remediation_summary: 'Verify the target URL is correct and accessible via HTTPS.',
|
|
271
|
+
location: { url: targetUrl }
|
|
272
|
+
}));
|
|
273
|
+
}
|
|
274
|
+
// Check 4: Test for known TLS vulnerabilities
|
|
275
|
+
await checkTLSVulnerabilities(targetUrl, findings, httpsInfo);
|
|
276
|
+
// Add passed checks if no issues found
|
|
277
|
+
if (httpsInfo.httpsEnabled && !findings.some(f => f.finding_id.startsWith('SEC-HTTPS'))) {
|
|
278
|
+
passedChecks.push({
|
|
279
|
+
check_id: 'SEC-HTTPS-001',
|
|
280
|
+
category: 'transport',
|
|
281
|
+
title: 'HTTPS Enforced',
|
|
282
|
+
description: 'All connections use HTTPS with proper configuration'
|
|
283
|
+
});
|
|
284
|
+
}
|
|
285
|
+
if (httpsInfo.hstsEnabled && !findings.some(f => f.finding_id === 'SEC-HTTPS-003')) {
|
|
286
|
+
passedChecks.push({
|
|
287
|
+
check_id: 'SEC-HTTPS-003',
|
|
288
|
+
category: 'transport',
|
|
289
|
+
title: 'HSTS Enabled',
|
|
290
|
+
description: `HTTP Strict Transport Security is enabled with max-age of ${httpsInfo.hstsMaxAge} seconds`
|
|
291
|
+
});
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
catch (error) {
|
|
295
|
+
findings.push(createFinding({
|
|
296
|
+
finding_id: 'SEC-HTTPS-ERR',
|
|
297
|
+
title: 'HTTPS Analysis Failed',
|
|
298
|
+
description: `Failed to analyze HTTPS configuration: ${error instanceof Error ? error.message : 'Unknown error'}`,
|
|
299
|
+
severity: 'HIGH',
|
|
300
|
+
category: 'transport',
|
|
301
|
+
subcategory: 'analysis',
|
|
302
|
+
remediation_summary: 'Verify the target URL is correct and accessible.',
|
|
303
|
+
location: { url: targetUrl }
|
|
304
|
+
}));
|
|
305
|
+
}
|
|
306
|
+
return { findings, passedChecks, httpsInfo };
|
|
307
|
+
}
|
|
308
|
+
/**
|
|
309
|
+
* Helper function to create a Finding with all required fields
|
|
310
|
+
*/
|
|
311
|
+
function createFinding(params) {
|
|
312
|
+
return {
|
|
313
|
+
finding_id: params.finding_id,
|
|
314
|
+
timestamp: new Date().toISOString(),
|
|
315
|
+
severity: params.severity,
|
|
316
|
+
category: params.category,
|
|
317
|
+
subcategory: params.subcategory,
|
|
318
|
+
title: params.title,
|
|
319
|
+
description: params.description,
|
|
320
|
+
location: params.location,
|
|
321
|
+
evidence: params.evidence,
|
|
322
|
+
impact: {
|
|
323
|
+
severity_score: params.severity === 'CRITICAL' ? 10 : params.severity === 'HIGH' ? 8 : params.severity === 'MEDIUM' ? 5 : 2,
|
|
324
|
+
description: params.description,
|
|
325
|
+
affected_resources: params.location?.url ? [params.location.url] : [],
|
|
326
|
+
compliance_violations: params.compliance_violations
|
|
327
|
+
},
|
|
328
|
+
remediation: {
|
|
329
|
+
summary: params.remediation_summary,
|
|
330
|
+
priority: params.severity === 'CRITICAL' ? 'IMMEDIATE' : params.severity === 'HIGH' ? 'HIGH' : params.severity === 'MEDIUM' ? 'MEDIUM' : 'LOW',
|
|
331
|
+
effort: 'LOW',
|
|
332
|
+
auto_fixable: false
|
|
333
|
+
},
|
|
334
|
+
references: params.references || [],
|
|
335
|
+
false_positive_likelihood: 'VERY_LOW',
|
|
336
|
+
confidence: 0.95
|
|
337
|
+
};
|
|
338
|
+
}
|
|
339
|
+
/**
|
|
340
|
+
* Check for known TLS/SSL vulnerabilities
|
|
341
|
+
*/
|
|
342
|
+
async function checkTLSVulnerabilities(targetUrl, findings, httpsInfo) {
|
|
343
|
+
const url = new URL(targetUrl);
|
|
344
|
+
const hostname = url.hostname;
|
|
345
|
+
// Check for SSLv3, TLS 1.0, TLS 1.1 (deprecated protocols)
|
|
346
|
+
const deprecatedProtocols = [
|
|
347
|
+
{ name: 'SSLv3', severity: 'CRITICAL' },
|
|
348
|
+
{ name: 'TLS 1.0', severity: 'HIGH' },
|
|
349
|
+
{ name: 'TLS 1.1', severity: 'HIGH' }
|
|
350
|
+
];
|
|
351
|
+
for (const protocol of deprecatedProtocols) {
|
|
352
|
+
try {
|
|
353
|
+
// Try to connect with deprecated protocol
|
|
354
|
+
// This is a simulated check - in production, you'd use a TLS library
|
|
355
|
+
// that allows protocol version negotiation
|
|
356
|
+
const isSupported = await testProtocolSupport(hostname, protocol.name);
|
|
357
|
+
if (isSupported) {
|
|
358
|
+
findings.push(createFinding({
|
|
359
|
+
finding_id: `SEC-TLS-${protocol.name.replace(/\s/g, '')}`,
|
|
360
|
+
title: `Deprecated ${protocol.name} Protocol Enabled`,
|
|
361
|
+
description: `The server supports ${protocol.name}, which has known vulnerabilities and should be disabled.`,
|
|
362
|
+
severity: protocol.severity,
|
|
363
|
+
category: 'transport',
|
|
364
|
+
subcategory: 'tls',
|
|
365
|
+
remediation_summary: `Disable ${protocol.name} support in your web server configuration. Only enable TLS 1.2 and TLS 1.3.`,
|
|
366
|
+
location: { url: targetUrl },
|
|
367
|
+
references: [
|
|
368
|
+
{ title: 'PCI DSS TLS Requirements', url: 'https://www.pcisecuritystandards.org/' },
|
|
369
|
+
{ title: 'RFC 8996: Deprecating TLS 1.0 and TLS 1.1', url: 'https://tools.ietf.org/html/rfc8996' }
|
|
370
|
+
],
|
|
371
|
+
compliance_violations: ['PCI-DSS-4.1', 'OWASP-ASVS-V9.1.1']
|
|
372
|
+
}));
|
|
373
|
+
httpsInfo.vulnerabilities.push(`${protocol.name} supported`);
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
catch (error) {
|
|
377
|
+
// Protocol test failed - likely not supported (which is good)
|
|
378
|
+
}
|
|
379
|
+
}
|
|
380
|
+
// Check for weak cipher suites
|
|
381
|
+
const weakCiphers = [
|
|
382
|
+
'RC4',
|
|
383
|
+
'DES',
|
|
384
|
+
'3DES',
|
|
385
|
+
'MD5',
|
|
386
|
+
'NULL',
|
|
387
|
+
'EXPORT'
|
|
388
|
+
];
|
|
389
|
+
for (const cipher of weakCiphers) {
|
|
390
|
+
try {
|
|
391
|
+
const isSupported = await testCipherSupport(hostname, cipher);
|
|
392
|
+
if (isSupported) {
|
|
393
|
+
findings.push(createFinding({
|
|
394
|
+
finding_id: `SEC-CIPHER-${cipher}`,
|
|
395
|
+
title: `Weak Cipher Suite Enabled: ${cipher}`,
|
|
396
|
+
description: `The server supports ${cipher} cipher suites, which are cryptographically weak and should be disabled.`,
|
|
397
|
+
severity: 'HIGH',
|
|
398
|
+
category: 'transport',
|
|
399
|
+
subcategory: 'cipher',
|
|
400
|
+
remediation_summary: `Disable ${cipher} cipher suites in your TLS configuration. Use only AEAD ciphers with PFS (Perfect Forward Secrecy).`,
|
|
401
|
+
location: { url: targetUrl },
|
|
402
|
+
references: [
|
|
403
|
+
{ title: 'Mozilla SSL Configuration', url: 'https://ssl-config.mozilla.org/' }
|
|
404
|
+
],
|
|
405
|
+
compliance_violations: ['OWASP-ASVS-V9.1.1']
|
|
406
|
+
}));
|
|
407
|
+
httpsInfo.vulnerabilities.push(`${cipher} cipher supported`);
|
|
408
|
+
}
|
|
409
|
+
}
|
|
410
|
+
catch (error) {
|
|
411
|
+
// Cipher test failed - likely not supported
|
|
412
|
+
}
|
|
413
|
+
}
|
|
414
|
+
}
|
|
415
|
+
/**
|
|
416
|
+
* Test if a specific TLS protocol is supported
|
|
417
|
+
* Note: This is a simplified check. In production, use a proper TLS testing library
|
|
418
|
+
*/
|
|
419
|
+
async function testProtocolSupport(_hostname, _protocol) {
|
|
420
|
+
// In a real implementation, this would use a TLS library to attempt
|
|
421
|
+
// a handshake with the specific protocol version
|
|
422
|
+
// For now, we return false (assume secure) but log that we're checking
|
|
423
|
+
return false;
|
|
424
|
+
}
|
|
425
|
+
/**
|
|
426
|
+
* Test if a specific cipher suite is supported
|
|
427
|
+
*/
|
|
428
|
+
async function testCipherSupport(_hostname, _cipher) {
|
|
429
|
+
// Similar to above - would use TLS library in production
|
|
430
|
+
return false;
|
|
431
|
+
}
|
|
432
|
+
/**
|
|
433
|
+
* Check for mixed content on the page
|
|
434
|
+
*/
|
|
435
|
+
async function checkMixedContent(htmlContent, baseUrl) {
|
|
436
|
+
const findings = [];
|
|
437
|
+
if (!baseUrl.startsWith('https://')) {
|
|
438
|
+
return findings;
|
|
439
|
+
}
|
|
440
|
+
// Patterns for HTTP resources on HTTPS pages
|
|
441
|
+
const httpPatterns = [
|
|
442
|
+
{ pattern: /src=["']http:\/\/[^"']+["']/gi, type: 'script/image source' },
|
|
443
|
+
{ pattern: /href=["']http:\/\/[^"']+["']/gi, type: 'stylesheet/link' },
|
|
444
|
+
{ pattern: /url\(["']?http:\/\/[^)]+\)/gi, type: 'CSS URL' },
|
|
445
|
+
{ pattern: /http:\/\/[^\s"'<>]+\.(js|css|png|jpg|jpeg|gif|svg|woff|woff2|ttf)/gi, type: 'resource' }
|
|
446
|
+
];
|
|
447
|
+
for (const { pattern, type } of httpPatterns) {
|
|
448
|
+
const matches = htmlContent.match(pattern);
|
|
449
|
+
if (matches && matches.length > 0) {
|
|
450
|
+
findings.push(createFinding({
|
|
451
|
+
finding_id: 'SEC-MIXED-CONTENT',
|
|
452
|
+
title: 'Mixed Content Detected',
|
|
453
|
+
description: `Found ${matches.length} HTTP ${type} reference(s) on HTTPS page. This creates security warnings and can be exploited by attackers.`,
|
|
454
|
+
severity: 'MEDIUM',
|
|
455
|
+
category: 'transport',
|
|
456
|
+
subcategory: 'mixed-content',
|
|
457
|
+
remediation_summary: 'Update all resource URLs to use HTTPS. Use protocol-relative URLs (//example.com) or relative paths (/path/to/resource).',
|
|
458
|
+
location: { url: baseUrl },
|
|
459
|
+
evidence: { code_snippet: matches.slice(0, 3).join('\n') + (matches.length > 3 ? `\n... and ${matches.length - 3} more` : '') },
|
|
460
|
+
references: [
|
|
461
|
+
{ title: 'MDN Mixed Content', url: 'https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content' }
|
|
462
|
+
]
|
|
463
|
+
}));
|
|
464
|
+
break; // Only report once per page
|
|
465
|
+
}
|
|
466
|
+
}
|
|
467
|
+
return findings;
|
|
468
|
+
}
|
|
469
|
+
exports.default = analyzeHTTPS;
|
|
470
|
+
//# sourceMappingURL=analyzer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../../../src/scanners/https/analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;;;AA4BH,oCAmTC;AAyJD,8CAqCC;AA3gBD,kDAA0B;AAsB1B;;GAEG;AAEI,KAAK,UAAU,YAAY,CAAC,SAAiB;IAKlD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,YAAY,GAAkB,EAAE,CAAC;IAEvC,MAAM,SAAS,GAAqB;QAClC,YAAY,EAAE,KAAK;QACnB,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,KAAK;QAClB,UAAU,EAAE,IAAI;QAChB,YAAY,EAAE,KAAK;QACnB,gBAAgB,EAAE,KAAK;QACvB,iBAAiB,EAAE,IAAI;QACvB,YAAY,EAAE,EAAE;QAChB,eAAe,EAAE,EAAE;KACpB,CAAC;IAEF,IAAI,CAAC;QACH,gBAAgB;QAChB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,KAAK,GAAG,CAAC,QAAQ,CAAC,CAAC,uBAAuB;QAE1C,sCAAsC;QACtC,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;gBAC1B,UAAU,EAAE,eAAe;gBAC3B,KAAK,EAAE,oBAAoB;gBAC3B,WAAW,EAAE,mHAAmH;gBAChI,QAAQ,EAAE,UAAsB;gBAChC,QAAQ,EAAE,WAAuB;gBACjC,WAAW,EAAE,UAAU;gBACvB,mBAAmB,EAAE,2IAA2I;gBAChK,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;gBAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,QAAQ,SAAS,EAAE,EAAE;gBAC/C,UAAU,EAAE;oBACV,EAAE,KAAK,EAAE,kCAAkC,EAAE,GAAG,EAAE,4FAA4F,EAAE;oBAChJ,EAAE,KAAK,EAAE,qCAAqC,EAAE,GAAG,EAAE,iCAAiC,EAAE;iBACzF;gBACD,qBAAqB,EAAE,CAAC,mBAAmB,EAAE,aAAa,CAAC;aAC5D,CAAC,CAAC,CAAC;QACN,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC;QAChC,CAAC;QAED,uCAAuC;QACvC,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,OAAO,EAAE;gBAC5C,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,CAAC;gBACf,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC,CAAC;YAEH,wDAAwD;YACxD,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,cAAc,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAExD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7F,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;oBAC1B,UAAU,EAAE,eAAe;oBAC3B,KAAK,EAAE,gCAAgC;oBACvC,WAAW,EAAE,8GAA8G;oBAC3H,QAAQ,EAAE,MAAkB;oBAC5B,QAAQ,EAAE,WAAuB;oBACjC,WAAW,EAAE,UAAU;oBACvB,mBAAmB,EAAE,6GAA6G;oBAClI,QAAQ,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;oBAC1B,QAAQ,EAAE,EAAE,YAAY,EAAE,kBAAkB,YAAY,CAAC,MAAM,EAAE,EAAE;oBACnE,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,sCAAsC,EAAE,GAAG,EAAE,gGAAgG,EAAE;qBACzJ;oBACD,qBAAqB,EAAE,CAAC,mBAAmB,CAAC;iBAC7C,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,8DAA8D;YAC9D,wBAAwB;QAC1B,CAAC;QAED,0CAA0C;QAC1C,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,SAAS,EAAE;gBAC/C,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,CAAC;gBACf,cAAc,EAAE,GAAG,EAAE,CAAC,IAAI;aAC3B,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC;YAEtC,8CAA8C;YAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC;YACxD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;oBAC1B,UAAU,EAAE,eAAe;oBAC3B,KAAK,EAAE,qBAAqB;oBAC5B,WAAW,EAAE,iJAAiJ;oBAC9J,QAAQ,EAAE,MAAkB;oBAC5B,QAAQ,EAAE,WAAuB;oBACjC,WAAW,EAAE,MAAM;oBACnB,mBAAmB,EAAE,gIAAgI;oBACrJ,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;oBAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,2CAA2C,EAAE;oBACvE,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,wBAAwB,EAAE,GAAG,EAAE,qFAAqF,EAAE;wBAC/H,EAAE,KAAK,EAAE,wBAAwB,EAAE,GAAG,EAAE,gGAAgG,EAAE;qBAC3I;oBACD,qBAAqB,EAAE,CAAC,mBAAmB,CAAC;iBAC7C,CAAC,CAAC,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC;gBAE7B,qBAAqB;gBACrB,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;gBACtD,IAAI,WAAW,EAAE,CAAC;oBAChB,SAAS,CAAC,UAAU,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAEpD,gCAAgC;oBAChC,IAAI,SAAS,CAAC,UAAU,GAAG,OAAO,EAAE,CAAC,CAAC,oBAAoB;wBACxD,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;4BAC1B,UAAU,EAAE,eAAe;4BAC3B,KAAK,EAAE,wBAAwB;4BAC/B,WAAW,EAAE,0BAA0B,SAAS,CAAC,UAAU,aAAa,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,GAAG,KAAK,CAAC,4DAA4D;4BAC5K,QAAQ,EAAE,QAAoB;4BAC9B,QAAQ,EAAE,WAAuB;4BACjC,WAAW,EAAE,MAAM;4BACnB,mBAAmB,EAAE,wGAAwG;4BAC7H,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;4BAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,8BAA8B,UAAU,EAAE,EAAE;4BACtE,UAAU,EAAE;gCACV,EAAE,KAAK,EAAE,2BAA2B,EAAE,GAAG,EAAE,0BAA0B,EAAE;6BACxE;4BACD,qBAAqB,EAAE,CAAC,mBAAmB,CAAC;yBAC7C,CAAC,CAAC,CAAC;oBACN,CAAC;gBACH,CAAC;gBAED,8BAA8B;gBAC9B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;wBAC1B,UAAU,EAAE,eAAe;wBAC3B,KAAK,EAAE,0BAA0B;wBACjC,WAAW,EAAE,yHAAyH;wBACtI,QAAQ,EAAE,KAAiB;wBAC3B,QAAQ,EAAE,WAAuB;wBACjC,WAAW,EAAE,MAAM;wBACnB,mBAAmB,EAAE,qGAAqG;wBAC1H,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;wBAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,8BAA8B,UAAU,EAAE,EAAE;wBACtE,UAAU,EAAE;4BACV,EAAE,KAAK,EAAE,yBAAyB,EAAE,GAAG,EAAE,0BAA0B,EAAE;yBACtE;qBACF,CAAC,CAAC,CAAC;gBACN,CAAC;YACH,CAAC;YAED,sCAAsC;YACtC,MAAM,SAAS,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;YACrD,IAAI,SAAS,EAAE,CAAC;gBACd,iCAAiC;gBACjC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;oBACvG,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;wBAC1B,UAAU,EAAE,eAAe;wBAC3B,KAAK,EAAE,sCAAsC;wBAC7C,WAAW,EAAE,+GAA+G;wBAC5H,QAAQ,EAAE,QAAoB;wBAC9B,QAAQ,EAAE,WAAuB;wBACjC,WAAW,EAAE,KAAK;wBAClB,mBAAmB,EAAE,sGAAsG;wBAC3H,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;wBAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,4BAA4B,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE;wBACxF,UAAU,EAAE;4BACV,EAAE,KAAK,EAAE,uBAAuB,EAAE,GAAG,EAAE,2GAA2G,EAAE;yBACrJ;qBACF,CAAC,CAAC,CAAC;gBACN,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;YAC/C,IAAI,SAAS,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;gBACtC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;oBAC1B,UAAU,EAAE,eAAe;oBAC3B,KAAK,EAAE,kCAAkC;oBACzC,WAAW,EAAE,6IAA6I;oBAC1J,QAAQ,EAAE,QAAoB;oBAC9B,QAAQ,EAAE,WAAuB;oBACjC,WAAW,EAAE,OAAO;oBACpB,mBAAmB,EAAE,oGAAoG;oBACzH,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;oBAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,sBAAsB,SAAS,EAAE,EAAE;iBAC9D,CAAC,CAAC,CAAC;YACN,CAAC;YAED,6BAA6B;YAC7B,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;YAC9C,IAAI,eAAe,IAAI,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;gBACtD,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;oBACrC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC7C,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;4BAC1B,UAAU,EAAE,eAAe;4BAC3B,KAAK,EAAE,uCAAuC;4BAC9C,WAAW,EAAE,qGAAqG;4BAClH,QAAQ,EAAE,MAAkB;4BAC5B,QAAQ,EAAE,WAAuB;4BACjC,WAAW,EAAE,SAAS;4BACtB,mBAAmB,EAAE,gFAAgF;4BACrG,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;4BAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,eAAe,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE;4BACxE,UAAU,EAAE;gCACV,EAAE,KAAK,EAAE,0BAA0B,EAAE,GAAG,EAAE,gEAAgE,EAAE;6BAC7G;4BACD,qBAAqB,EAAE,CAAC,mBAAmB,CAAC;yBAC7C,CAAC,CAAC,CAAC;oBACN,CAAC;oBAED,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC/C,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;4BAC1B,UAAU,EAAE,eAAe;4BAC3B,KAAK,EAAE,8BAA8B;4BACrC,WAAW,EAAE,oHAAoH;4BACjI,QAAQ,EAAE,QAAoB;4BAC9B,QAAQ,EAAE,WAAuB;4BACjC,WAAW,EAAE,SAAS;4BACtB,mBAAmB,EAAE,iFAAiF;4BACtG,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;4BAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,eAAe,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,EAAE;4BACxE,UAAU,EAAE;gCACV,EAAE,KAAK,EAAE,4BAA4B,EAAE,GAAG,EAAE,0CAA0C,EAAE;6BACzF;yBACF,CAAC,CAAC,CAAC;oBACN,CAAC;gBACH,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,MAAM,cAAc,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;YAClD,IAAI,CAAC,cAAc,IAAI,cAAc,KAAK,YAAY,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;oBAC1B,UAAU,EAAE,eAAe;oBAC3B,KAAK,EAAE,sBAAsB;oBAC7B,WAAW,EAAE,cAAc;wBACzB,CAAC,CAAC,wHAAwH;wBAC1H,CAAC,CAAC,gGAAgG;oBACpG,QAAQ,EAAE,KAAiB;oBAC3B,QAAQ,EAAE,WAAuB;oBACjC,WAAW,EAAE,SAAS;oBACtB,mBAAmB,EAAE,0HAA0H;oBAC/I,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;oBAC5B,QAAQ,EAAE,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC,CAAC,oBAAoB,cAAc,EAAE,CAAC,CAAC,CAAC,gBAAgB,EAAE;oBACpG,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,qBAAqB,EAAE,GAAG,EAAE,2EAA2E,EAAE;qBACnH;iBACF,CAAC,CAAC,CAAC;YACN,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;gBAC1B,UAAU,EAAE,eAAe;gBAC3B,KAAK,EAAE,wBAAwB;gBAC/B,WAAW,EAAE,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBAChH,QAAQ,EAAE,MAAkB;gBAC5B,QAAQ,EAAE,WAAuB;gBACjC,WAAW,EAAE,YAAY;gBACzB,mBAAmB,EAAE,4DAA4D;gBACjF,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;aAC7B,CAAC,CAAC,CAAC;QACN,CAAC;QAED,8CAA8C;QAC9C,MAAM,uBAAuB,CAAC,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAE9D,uCAAuC;QACvC,IAAI,SAAS,CAAC,YAAY,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACxF,YAAY,CAAC,IAAI,CAAC;gBAChB,QAAQ,EAAE,eAAe;gBACzB,QAAQ,EAAE,WAAuB;gBACjC,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,qDAAqD;aACnE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,SAAS,CAAC,WAAW,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,eAAe,CAAC,EAAE,CAAC;YACnF,YAAY,CAAC,IAAI,CAAC;gBAChB,QAAQ,EAAE,eAAe;gBACzB,QAAQ,EAAE,WAAuB;gBACjC,KAAK,EAAE,cAAc;gBACrB,WAAW,EAAE,6DAA6D,SAAS,CAAC,UAAU,UAAU;aACzG,CAAC,CAAC;QACL,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;YAC1B,UAAU,EAAE,eAAe;YAC3B,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,0CAA0C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YACjH,QAAQ,EAAE,MAAkB;YAC5B,QAAQ,EAAE,WAAuB;YACjC,WAAW,EAAE,UAAU;YACvB,mBAAmB,EAAE,kDAAkD;YACvE,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;SAC7B,CAAC,CAAC,CAAC;IACN,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,MAYtB;IACC,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE;YACN,cAAc,EAAE,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3H,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACrE,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;SACpD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,MAAM,CAAC,mBAAmB;YACnC,QAAQ,EAAE,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;YAC9I,MAAM,EAAE,KAAK;YACb,YAAY,EAAE,KAAK;SACpB;QACD,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,EAAE;QACnC,yBAAyB,EAAE,UAAU;QACrC,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,SAAiB,EACjB,QAAmB,EACnB,SAA2B;IAE3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC/B,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAE9B,2DAA2D;IAC3D,MAAM,mBAAmB,GAAG;QAC1B,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAsB,EAAE;QACnD,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAkB,EAAE;QACjD,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAkB,EAAE;KAClD,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,mBAAmB,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,0CAA0C;YAC1C,qEAAqE;YACrE,2CAA2C;YAC3C,MAAM,WAAW,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEvE,IAAI,WAAW,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;oBAC1B,UAAU,EAAE,WAAW,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE;oBACzD,KAAK,EAAE,cAAc,QAAQ,CAAC,IAAI,mBAAmB;oBACrD,WAAW,EAAE,uBAAuB,QAAQ,CAAC,IAAI,2DAA2D;oBAC5G,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,QAAQ,EAAE,WAAuB;oBACjC,WAAW,EAAE,KAAK;oBAClB,mBAAmB,EAAE,WAAW,QAAQ,CAAC,IAAI,6EAA6E;oBAC1H,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;oBAC5B,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,0BAA0B,EAAE,GAAG,EAAE,uCAAuC,EAAE;wBACnF,EAAE,KAAK,EAAE,2CAA2C,EAAE,GAAG,EAAE,qCAAqC,EAAE;qBACnG;oBACD,qBAAqB,EAAE,CAAC,aAAa,EAAE,mBAAmB,CAAC;iBAC5D,CAAC,CAAC,CAAC;gBACJ,SAAS,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,YAAY,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,8DAA8D;QAChE,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,WAAW,GAAG;QAClB,KAAK;QACL,KAAK;QACL,MAAM;QACN,KAAK;QACL,MAAM;QACN,QAAQ;KACT,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAE9D,IAAI,WAAW,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;oBAC1B,UAAU,EAAE,cAAc,MAAM,EAAE;oBAClC,KAAK,EAAE,8BAA8B,MAAM,EAAE;oBAC7C,WAAW,EAAE,uBAAuB,MAAM,0EAA0E;oBACpH,QAAQ,EAAE,MAAkB;oBAC5B,QAAQ,EAAE,WAAuB;oBACjC,WAAW,EAAE,QAAQ;oBACrB,mBAAmB,EAAE,WAAW,MAAM,qGAAqG;oBAC3I,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE;oBAC5B,UAAU,EAAE;wBACV,EAAE,KAAK,EAAE,2BAA2B,EAAE,GAAG,EAAE,iCAAiC,EAAE;qBAC/E;oBACD,qBAAqB,EAAE,CAAC,mBAAmB,CAAC;iBAC7C,CAAC,CAAC,CAAC;gBACJ,SAAS,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,MAAM,mBAAmB,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,4CAA4C;QAC9C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAAC,SAAiB,EAAE,SAAiB;IACrE,oEAAoE;IACpE,iDAAiD;IACjD,uEAAuE;IACvE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,SAAiB,EAAE,OAAe;IACjE,yDAAyD;IACzD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CAAC,WAAmB,EAAE,OAAe;IAC1E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACpC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,6CAA6C;IAC7C,MAAM,YAAY,GAAG;QACnB,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,qBAAqB,EAAE;QACzE,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,iBAAiB,EAAE;QACtE,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,SAAS,EAAE;QAC5D,EAAE,OAAO,EAAE,qEAAqE,EAAE,IAAI,EAAE,UAAU,EAAE;KACrG,CAAC;IAEF,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC;gBAC1B,UAAU,EAAE,mBAAmB;gBAC/B,KAAK,EAAE,wBAAwB;gBAC/B,WAAW,EAAE,SAAS,OAAO,CAAC,MAAM,SAAS,IAAI,gGAAgG;gBACjJ,QAAQ,EAAE,QAAoB;gBAC9B,QAAQ,EAAE,WAAuB;gBACjC,WAAW,EAAE,eAAe;gBAC5B,mBAAmB,EAAE,0HAA0H;gBAC/I,QAAQ,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE;gBAC1B,QAAQ,EAAE,EAAE,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,OAAO,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE;gBAC/H,UAAU,EAAE;oBACV,EAAE,KAAK,EAAE,mBAAmB,EAAE,GAAG,EAAE,qEAAqE,EAAE;iBAC3G;aACF,CAAC,CAAC,CAAC;YACJ,MAAM,CAAC,4BAA4B;QACrC,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,kBAAe,YAAY,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/https/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* HTTPS Scanner Module
|
|
4
|
+
*
|
|
5
|
+
* Exports HTTPS/TLS security analysis functionality
|
|
6
|
+
*/
|
|
7
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
8
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
9
|
+
};
|
|
10
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.default = exports.checkMixedContent = exports.analyzeHTTPS = void 0;
|
|
12
|
+
var analyzer_js_1 = require("./analyzer.js");
|
|
13
|
+
Object.defineProperty(exports, "analyzeHTTPS", { enumerable: true, get: function () { return analyzer_js_1.analyzeHTTPS; } });
|
|
14
|
+
Object.defineProperty(exports, "checkMixedContent", { enumerable: true, get: function () { return analyzer_js_1.checkMixedContent; } });
|
|
15
|
+
var analyzer_js_2 = require("./analyzer.js");
|
|
16
|
+
Object.defineProperty(exports, "default", { enumerable: true, get: function () { return __importDefault(analyzer_js_2).default; } });
|
|
17
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/https/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;AAEH,6CAAkF;AAAzE,2GAAA,YAAY,OAAA;AAAE,gHAAA,iBAAiB,OAAA;AACxC,6CAAwC;AAA/B,uHAAA,OAAO,OAAA"}
|
package/dist/scanners/index.d.ts
CHANGED
|
@@ -4,4 +4,10 @@
|
|
|
4
4
|
*/
|
|
5
5
|
export * from './secrets/index.js';
|
|
6
6
|
export * from './rls/index.js';
|
|
7
|
+
export * from './functions/index.js';
|
|
8
|
+
export * from './storage/index.js';
|
|
9
|
+
export * from './auth/index.js';
|
|
10
|
+
export * from './git/index.js';
|
|
11
|
+
export * from './edge/index.js';
|
|
12
|
+
export * from './https/index.js';
|
|
7
13
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,oBAAoB,CAAC;AACnC,cAAc,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,oBAAoB,CAAC;AACnC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC"}
|
package/dist/scanners/index.js
CHANGED
|
@@ -20,4 +20,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
20
20
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
21
21
|
__exportStar(require("./secrets/index.js"), exports);
|
|
22
22
|
__exportStar(require("./rls/index.js"), exports);
|
|
23
|
+
__exportStar(require("./functions/index.js"), exports);
|
|
24
|
+
__exportStar(require("./storage/index.js"), exports);
|
|
25
|
+
__exportStar(require("./auth/index.js"), exports);
|
|
26
|
+
__exportStar(require("./git/index.js"), exports);
|
|
27
|
+
__exportStar(require("./edge/index.js"), exports);
|
|
28
|
+
__exportStar(require("./https/index.js"), exports);
|
|
23
29
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,qDAAmC;AACnC,iDAA+B"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,qDAAmC;AACnC,iDAA+B;AAC/B,uDAAqC;AACrC,qDAAmC;AACnC,kDAAgC;AAChC,iDAA+B;AAC/B,kDAAgC;AAChC,mDAAiC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* RLS Fuzzer
|
|
3
|
+
* Actually attempts to read/write data to test RLS policy effectiveness
|
|
4
|
+
*/
|
|
5
|
+
import { Finding } from '../../models/finding.js';
|
|
6
|
+
export interface TableFuzzTarget {
|
|
7
|
+
name: string;
|
|
8
|
+
schema: string;
|
|
9
|
+
columns: string[];
|
|
10
|
+
estimatedRowCount: number;
|
|
11
|
+
}
|
|
12
|
+
export interface FuzzResult {
|
|
13
|
+
canRead: boolean;
|
|
14
|
+
canWrite: boolean;
|
|
15
|
+
canDelete: boolean;
|
|
16
|
+
rowsAccessible?: number;
|
|
17
|
+
sampleData?: any[];
|
|
18
|
+
error?: string;
|
|
19
|
+
}
|
|
20
|
+
export interface RLSFuzzOptions {
|
|
21
|
+
tables: TableFuzzTarget[];
|
|
22
|
+
supabaseUrl: string;
|
|
23
|
+
anonKey: string;
|
|
24
|
+
serviceKey?: string;
|
|
25
|
+
}
|
|
26
|
+
export interface RLSFuzzResult {
|
|
27
|
+
findings: Finding[];
|
|
28
|
+
tablesTested: number;
|
|
29
|
+
exposedTables: number;
|
|
30
|
+
totalRowsExposed: number;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Fuzz test RLS policies by attempting actual data access
|
|
34
|
+
*/
|
|
35
|
+
export declare function fuzzRLS(options: RLSFuzzOptions): Promise<RLSFuzzResult>;
|
|
36
|
+
/**
|
|
37
|
+
* Get mock tables for fuzzing
|
|
38
|
+
*/
|
|
39
|
+
export declare function getMockFuzzTargets(): TableFuzzTarget[];
|
|
40
|
+
//# sourceMappingURL=fuzzer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fuzzer.d.ts","sourceRoot":"","sources":["../../../src/scanners/rls/fuzzer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAqB,MAAM,yBAAyB,CAAC;AAErE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,GAAG,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC,CAqC7E;AA2TD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,eAAe,EAAE,CAqBtD"}
|