vaspera 2.9.2 → 2.10.0

package/dist/scanners/logic/types.js

@@ -0,0 +1,142 @@
+/**
+ * Business Logic Vulnerability Types
+ *
+ * Types for detecting BOLA, IDOR, BFLA, and other
+ * authorization/business logic vulnerabilities.
+ *
+ * @module scanners/logic/types
+ */
+/**
+ * CWE mappings for logic vulnerabilities
+ */
+export const LOGIC_VULN_CWE_MAP = {
+    "bola": ["CWE-639", "CWE-284"],
+    "idor": ["CWE-639", "CWE-284", "CWE-285"],
+    "bfla": ["CWE-285", "CWE-863"],
+    "mass-assignment": ["CWE-915"],
+    "race-condition-auth": ["CWE-362", "CWE-367"],
+    "privilege-escalation": ["CWE-269", "CWE-250"],
+    "missing-auth": ["CWE-306"],
+    "missing-authz": ["CWE-862"],
+    "direct-db-access": ["CWE-639", "CWE-284"],
+    "horizontal-priv-esc": ["CWE-639"],
+    "vertical-priv-esc": ["CWE-269"],
+};
+/**
+ * OWASP references for logic vulnerabilities
+ */
+export const LOGIC_VULN_OWASP_MAP = {
+    "bola": ["OWASP API1:2023", "OWASP A01:2021"],
+    "idor": ["OWASP API1:2023", "OWASP A01:2021"],
+    "bfla": ["OWASP API5:2023", "OWASP A01:2021"],
+    "mass-assignment": ["OWASP API6:2023", "OWASP A08:2021"],
+    "race-condition-auth": ["OWASP API4:2023"],
+    "privilege-escalation": ["OWASP API5:2023", "OWASP A01:2021"],
+    "missing-auth": ["OWASP API2:2023", "OWASP A07:2021"],
+    "missing-authz": ["OWASP API1:2023", "OWASP A01:2021"],
+    "direct-db-access": ["OWASP API1:2023"],
+    "horizontal-priv-esc": ["OWASP API1:2023"],
+    "vertical-priv-esc": ["OWASP API5:2023"],
+};
+/**
+ * Default severity for each vulnerability type
+ */
+export const LOGIC_VULN_SEVERITY_MAP = {
+    "bola": "high",
+    "idor": "high",
+    "bfla": "high",
+    "mass-assignment": "medium",
+    "race-condition-auth": "high",
+    "privilege-escalation": "critical",
+    "missing-auth": "critical",
+    "missing-authz": "high",
+    "direct-db-access": "high",
+    "horizontal-priv-esc": "high",
+    "vertical-priv-esc": "critical",
+};
+/**
+ * Patterns for detecting framework types
+ */
+export const FRAMEWORK_DETECTION_PATTERNS = {
+    nextjs: {
+        packageNames: ["next"],
+        filePatterns: [/next\.config\.(js|mjs|ts)$/, /pages\/api\//, /app\/api\//],
+        codePatterns: [/NextApiRequest|NextRequest/],
+    },
+    express: {
+        packageNames: ["express"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/express\(\)|Router\(\)|app\.(get|post|put|delete|patch)/],
+    },
+    fastify: {
+        packageNames: ["fastify"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/fastify\.(get|post|put|delete|patch)/],
+    },
+    koa: {
+        packageNames: ["koa"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/new Koa\(\)|router\.(get|post|put|delete)/],
+    },
+    hapi: {
+        packageNames: ["@hapi/hapi"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/Hapi\.server\(|server\.route\(/],
+    },
+    nestjs: {
+        packageNames: ["@nestjs/core"],
+        filePatterns: [/\.controller\.ts$/, /\.module\.ts$/],
+        codePatterns: [/@Controller|@Get|@Post|@Put|@Delete/],
+    },
+    django: {
+        packageNames: ["django"],
+        filePatterns: [/urls\.py$/, /views\.py$/],
+        codePatterns: [/path\(|re_path\(|@api_view/],
+    },
+    flask: {
+        packageNames: ["flask"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/@app\.route|Flask\(/],
+    },
+    fastapi: {
+        packageNames: ["fastapi"],
+        filePatterns: [/routers?\//],
+        codePatterns: [/FastAPI\(|@app\.(get|post|put|delete)/],
+    },
+    rails: {
+        packageNames: ["rails"],
+        filePatterns: [/routes\.rb$/, /controllers\//],
+        codePatterns: [/resources\s+:|get\s+'|post\s+'|Rails\.application/],
+    },
+    spring: {
+        packageNames: ["spring-boot"],
+        filePatterns: [/Controller\.java$/, /RestController/],
+        codePatterns: [/@RestController|@GetMapping|@PostMapping/],
+    },
+    laravel: {
+        packageNames: ["laravel/framework"],
+        filePatterns: [/routes\/web\.php$/, /routes\/api\.php$/],
+        codePatterns: [/Route::(get|post|put|delete)/],
+    },
+    gin: {
+        packageNames: ["github.com/gin-gonic/gin"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/gin\.(Default|New)\(|r\.(GET|POST|PUT|DELETE)/],
+    },
+    echo: {
+        packageNames: ["github.com/labstack/echo"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/echo\.New\(|e\.(GET|POST|PUT|DELETE)/],
+    },
+    fiber: {
+        packageNames: ["github.com/gofiber/fiber"],
+        filePatterns: [/routes?\//],
+        codePatterns: [/fiber\.New\(|app\.(Get|Post|Put|Delete)/],
+    },
+    auto: {
+        packageNames: [],
+        filePatterns: [],
+        codePatterns: [],
+    },
+};
+//# sourceMappingURL=types.js.map

package/dist/scanners/logic/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/scanners/logic/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA0UH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAoC;IACjE,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;IACzC,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,iBAAiB,EAAE,CAAC,SAAS,CAAC;IAC9B,qBAAqB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC7C,sBAAsB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9C,cAAc,EAAE,CAAC,SAAS,CAAC;IAC3B,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,kBAAkB,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;IAC1C,qBAAqB,EAAE,CAAC,SAAS,CAAC;IAClC,mBAAmB,EAAE,CAAC,SAAS,CAAC;CACjC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAoC;IACnE,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7C,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7C,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7C,iBAAiB,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IACxD,qBAAqB,EAAE,CAAC,iBAAiB,CAAC;IAC1C,sBAAsB,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IAC7D,cAAc,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IACrD,eAAe,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;IACtD,kBAAkB,EAAE,CAAC,iBAAiB,CAAC;IACvC,qBAAqB,EAAE,CAAC,iBAAiB,CAAC;IAC1C,mBAAmB,EAAE,CAAC,iBAAiB,CAAC;CACzC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAoC;IACtE,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IACd,iBAAiB,EAAE,QAAQ;IAC3B,qBAAqB,EAAE,MAAM;IAC7B,sBAAsB,EAAE,UAAU;IAClC,cAAc,EAAE,UAAU;IAC1B,eAAe,EAAE,MAAM;IACvB,kBAAkB,EAAE,MAAM;IAC1B,qBAAqB,EAAE,MAAM;IAC7B,mBAAmB,EAAE,UAAU;CAChC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAIpC;IACH,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,MAAM,CAAC;QACtB,YAAY,EAAE,CAAC,4BAA4B,EAAE,cAAc,EAAE,YAAY,CAAC;QAC1E,YAAY,EAAE,CAAC,4BAA4B,CAAC;KAC7C;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,yDAAyD,CAAC;KAC1E;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,sCAAsC,CAAC;KACvD;IACD,GAAG,EAAE;QACH,YAAY,EAAE,CAAC,KAAK,CAAC;QACrB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,2CAA2C,CAAC;KAC5D;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,CAAC,YAAY,CAAC;QAC5B,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,gCAAgC,CAAC;KACjD;IACD,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,cAAc,CAAC;QAC9B,YAAY,EAAE,CAAC,mBAAmB,EAAE,eAAe,CAAC;QACpD,YAAY,EAAE,CAAC,qCAAqC,CAAC;KACtD;IACD,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,YAAY,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC;QACzC,YAAY,EAAE,CAAC,4BAA4B,CAAC;KAC7C;IACD,KAAK,EAAE;QACL,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,qBAAqB,CAAC;KACtC;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,SAAS,CAAC;QACzB,YAAY,EAAE,CAAC,YAAY,CAAC;QAC5B,YAAY,EAAE,CAAC,uCAAuC,CAAC;KACxD;IACD,KAAK,EAAE;QACL,YAAY,EAAE,CAAC,OAAO,CAAC;QACvB,YAAY,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC;QAC9C,YAAY,EAAE,CAAC,mDAAmD,CAAC;KACpE;IACD,MAAM,EAAE;QACN,YAAY,EAAE,CAAC,aAAa,CAAC;QAC7B,YAAY,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;QACrD,YAAY,EAAE,CAAC,0CAA0C,CAAC;KAC3D;IACD,OAAO,EAAE;QACP,YAAY,EAAE,CAAC,mBAAmB,CAAC;QACnC,YAAY,EAAE,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;QACxD,YAAY,EAAE,CAAC,8BAA8B,CAAC;KAC/C;IACD,GAAG,EAAE;QACH,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,+CAA+C,CAAC;KAChE;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,sCAAsC,CAAC;KACvD;IACD,KAAK,EAAE;QACL,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,YAAY,EAAE,CAAC,WAAW,CAAC;QAC3B,YAAY,EAAE,CAAC,yCAAyC,CAAC;KAC1D;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,EAAE;QAChB,YAAY,EAAE,EAAE;KACjB;CACF,CAAC"}

package/dist/scanners/types.d.ts

@@ -13,7 +13,7 @@ export type { Severity };
 /**
  * Supported scanner types
  */
-export type ScannerType = "semgrep" | "npm-audit" | "gitleaks" | "tsc" | "eslint" | "bandit" | "gosec" | "brakeman" | "trivy" | "binary-analysis" | "memory-safety" | "race-condition" | "healthcare" | "plugin";
+export type ScannerType = "semgrep" | "npm-audit" | "gitleaks" | "tsc" | "eslint" | "bandit" | "gosec" | "brakeman" | "trivy" | "binary-analysis" | "memory-safety" | "race-condition" | "healthcare" | "logic" | "dast" | "zap" | "nuclei" | "plugin";
 /**
  * A finding from a deterministic scanner.
  *

package/dist/scanners/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanners/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAG1D,YAAY,EAAE,QAAQ,EAAE,CAAC;AAEzB;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,SAAS,GACT,WAAW,GACX,UAAU,GACV,KAAK,GACL,QAAQ,GACR,QAAQ,GACR,OAAO,GACP,UAAU,GACV,OAAO,GACP,iBAAiB,GACjB,eAAe,GACf,gBAAgB,GAChB,YAAY,GACZ,QAAQ,CAAC;AAEb;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,OAAO,EAAE,WAAW,CAAC;IAErB,+EAA+E;IAC/E,MAAM,EAAE,MAAM,CAAC;IAEf,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IAEb,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;IAEhB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,wEAAwE;IACxE,UAAU,EAAE,MAAM,CAAC;IAEnB,8CAA8C;IAC9C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,4CAA4C;IAC5C,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,iCAAiC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,iDAAiD;IACjD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,OAAO,EAAE,WAAW,CAAC;IAErB,0CAA0C;IAC1C,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IAEjC,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IAEjB,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,2BAA2B;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IAErB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IAEpB,gCAAgC;IAChC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAE1B,yCAAyC;IACzC,aAAa,EAAE,MAAM,CAAC;IAEtB,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAErC,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAEvC,0CAA0C;IAC1C,aAAa,EAAE,MAAM,CAAC;IAEtB,qCAAqC;IACrC,YAAY,EAAE,OAAO,CAAC;IAEtB,2BAA2B;IAC3B,cAAc,EAAE,WAAW,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,uDAAuD;IACvD,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,yCAAyC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,gDAAgD;IAChD,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,kCAAkC;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB,qCAAqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB,gCAAgC;IAChC,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,gDAAgD;IAChD,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,mCAAmC;IACnC,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,qCAAqC;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,GAAG,SAAS,GAAG,SAAS,CAAC,CAc7G,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB;;kBAGF,QAAQ;cAChB,QAAQ;kBACF,QAAQ;aAChB,QAAQ;cACN,QAAQ;;;eAKP,QAAQ;iBACJ,QAAQ;cACd,QAAQ;;;iBAKA,QAAQ;;;eAKd,QAAQ;iBACJ,QAAQ;oBACR,QAAQ;iBACV,QAAQ;;;cAKX,QAAQ;gBACJ,QAAQ;aACd,QAAQ;;;cAKN,QAAQ;gBACJ,QAAQ;aACd,QAAQ;;;cAKN,QAAQ;gBACJ,QAAQ;cACb,QAAQ;;;kBAKC,QAAQ;cAChB,QAAQ;gBACJ,QAAQ;aACd,QAAQ;iBACH,QAAQ;;CAE9B,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,WAAW,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAmBvF"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanners/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAG1D,YAAY,EAAE,QAAQ,EAAE,CAAC;AAEzB;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,SAAS,GACT,WAAW,GACX,UAAU,GACV,KAAK,GACL,QAAQ,GACR,QAAQ,GACR,OAAO,GACP,UAAU,GACV,OAAO,GACP,iBAAiB,GACjB,eAAe,GACf,gBAAgB,GAChB,YAAY,GACZ,OAAO,GACP,MAAM,GACN,KAAK,GACL,QAAQ,GACR,QAAQ,CAAC;AAEb;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,OAAO,EAAE,WAAW,CAAC;IAErB,+EAA+E;IAC/E,MAAM,EAAE,MAAM,CAAC;IAEf,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IAEb,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IAEb,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;IAEhB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,wEAAwE;IACxE,UAAU,EAAE,MAAM,CAAC;IAEnB,8CAA8C;IAC9C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,4CAA4C;IAC5C,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,iCAAiC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb,iDAAiD;IACjD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,OAAO,EAAE,WAAW,CAAC;IAErB,0CAA0C;IAC1C,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IAEjC,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IAEjB,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,2BAA2B;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,8BAA8B;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IAErB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;IAEpB,gCAAgC;IAChC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAE1B,yCAAyC;IACzC,aAAa,EAAE,MAAM,CAAC;IAEtB,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAErC,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAEvC,0CAA0C;IAC1C,aAAa,EAAE,MAAM,CAAC;IAEtB,qCAAqC;IACrC,YAAY,EAAE,OAAO,CAAC;IAEtB,2BAA2B;IAC3B,cAAc,EAAE,WAAW,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,uDAAuD;IACvD,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,yCAAyC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,gDAAgD;IAChD,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,kCAAkC;IAClC,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB,qCAAqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB,gCAAgC;IAChC,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,gDAAgD;IAChD,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,mCAAmC;IACnC,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,qCAAqC;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,iBAAiB,GAAG,SAAS,GAAG,SAAS,CAAC,CAc7G,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB;;kBAGF,QAAQ;cAChB,QAAQ;kBACF,QAAQ;aAChB,QAAQ;cACN,QAAQ;;;eAKP,QAAQ;iBACJ,QAAQ;cACd,QAAQ;;;iBAKA,QAAQ;;;eAKd,QAAQ;iBACJ,QAAQ;oBACR,QAAQ;iBACV,QAAQ;;;cAKX,QAAQ;gBACJ,QAAQ;aACd,QAAQ;;;cAKN,QAAQ;gBACJ,QAAQ;aACd,QAAQ;;;cAKN,QAAQ;gBACJ,QAAQ;cACb,QAAQ;;;kBAKC,QAAQ;cAChB,QAAQ;gBACJ,QAAQ;aACd,QAAQ;iBACH,QAAQ;;CAE9B,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,WAAW,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAuBvF"}

package/dist/scanners/types.js

@@ -100,6 +100,10 @@ export function toFindingId(scanner, ruleId, index) {
         "memory-safety": "mem",
         "race-condition": "rac",
         healthcare: "hc",
+        logic: "log",
+        dast: "dst",
+        zap: "zap",
+        nuclei: "nuc",
         plugin: "plg",
     };
     return `${prefix[scanner]}-${String(index + 1).padStart(3, "0")}`;

package/dist/scanners/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanners/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AA6MH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAA8E;IAChH,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,IAAI;IAClB,OAAO,EAAE,IAAI;IACb,UAAU,EAAE,IAAI;IAChB,MAAM,EAAE,KAAK,EAAU,mCAAmC;IAC1D,MAAM,EAAE,KAAK,EAAU,kCAAkC;IACzD,KAAK,EAAE,KAAK,EAAW,8BAA8B;IACrD,QAAQ,EAAE,KAAK,EAAQ,gCAAgC;IACvD,KAAK,EAAE,KAAK,EAAW,kCAAkC;IACzD,cAAc,EAAE,IAAI,EAAG,6CAA6C;IACpE,YAAY,EAAE,KAAK,EAAI,sCAAsC;IAC7D,aAAa,EAAE,IAAI,EAAI,qBAAqB;IAC5C,OAAO,EAAE,MAAM,EAAQ,wBAAwB;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,0BAA0B;IAC1B,GAAG,EAAE;QACH,QAAQ,EAAE,UAAsB;QAChC,IAAI,EAAE,MAAkB;QACxB,QAAQ,EAAE,QAAoB;QAC9B,GAAG,EAAE,KAAiB;QACtB,IAAI,EAAE,MAAkB;KACzB;IAED,UAAU;IACV,OAAO,EAAE;QACP,KAAK,EAAE,MAAkB;QACzB,OAAO,EAAE,QAAoB;QAC7B,IAAI,EAAE,KAAiB;KACxB;IAED,sCAAsC;IACtC,QAAQ,EAAE;QACR,OAAO,EAAE,UAAsB;KAChC;IAED,sBAAsB;IACtB,UAAU,EAAE;QACV,KAAK,EAAE,MAAkB;QACzB,OAAO,EAAE,QAAoB;QAC7B,UAAU,EAAE,KAAiB;QAC7B,OAAO,EAAE,MAAkB;KAC5B;IAED,kBAAkB;IAClB,MAAM,EAAE;QACN,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,GAAG,EAAE,KAAiB;KACvB;IAED,aAAa;IACb,KAAK,EAAE;QACL,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,GAAG,EAAE,KAAiB;KACvB;IAED,kBAAkB;IAClB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,IAAI,EAAE,KAAiB;KACxB;IAED,QAAQ;IACR,KAAK,EAAE;QACL,QAAQ,EAAE,UAAsB;QAChC,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,GAAG,EAAE,KAAiB;QACtB,OAAO,EAAE,MAAkB;KAC5B;CACF,CAAC;AAaF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE,MAAc,EAAE,KAAa;IAC7E,MAAM,MAAM,GAAgC;QAC1C,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,KAAK;QAClB,QAAQ,EAAE,KAAK;QACf,GAAG,EAAE,IAAI;QACT,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,KAAK;QACZ,iBAAiB,EAAE,KAAK;QACxB,eAAe,EAAE,KAAK;QACtB,gBAAgB,EAAE,KAAK;QACvB,UAAU,EAAE,IAAI;QAChB,MAAM,EAAE,KAAK;KACd,CAAC;IAEF,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACpE,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanners/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiNH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAA8E;IAChH,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,IAAI;IAClB,OAAO,EAAE,IAAI;IACb,UAAU,EAAE,IAAI;IAChB,MAAM,EAAE,KAAK,EAAU,mCAAmC;IAC1D,MAAM,EAAE,KAAK,EAAU,kCAAkC;IACzD,KAAK,EAAE,KAAK,EAAW,8BAA8B;IACrD,QAAQ,EAAE,KAAK,EAAQ,gCAAgC;IACvD,KAAK,EAAE,KAAK,EAAW,kCAAkC;IACzD,cAAc,EAAE,IAAI,EAAG,6CAA6C;IACpE,YAAY,EAAE,KAAK,EAAI,sCAAsC;IAC7D,aAAa,EAAE,IAAI,EAAI,qBAAqB;IAC5C,OAAO,EAAE,MAAM,EAAQ,wBAAwB;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,0BAA0B;IAC1B,GAAG,EAAE;QACH,QAAQ,EAAE,UAAsB;QAChC,IAAI,EAAE,MAAkB;QACxB,QAAQ,EAAE,QAAoB;QAC9B,GAAG,EAAE,KAAiB;QACtB,IAAI,EAAE,MAAkB;KACzB;IAED,UAAU;IACV,OAAO,EAAE;QACP,KAAK,EAAE,MAAkB;QACzB,OAAO,EAAE,QAAoB;QAC7B,IAAI,EAAE,KAAiB;KACxB;IAED,sCAAsC;IACtC,QAAQ,EAAE;QACR,OAAO,EAAE,UAAsB;KAChC;IAED,sBAAsB;IACtB,UAAU,EAAE;QACV,KAAK,EAAE,MAAkB;QACzB,OAAO,EAAE,QAAoB;QAC7B,UAAU,EAAE,KAAiB;QAC7B,OAAO,EAAE,MAAkB;KAC5B;IAED,kBAAkB;IAClB,MAAM,EAAE;QACN,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,GAAG,EAAE,KAAiB;KACvB;IAED,aAAa;IACb,KAAK,EAAE;QACL,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,GAAG,EAAE,KAAiB;KACvB;IAED,kBAAkB;IAClB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,IAAI,EAAE,KAAiB;KACxB;IAED,QAAQ;IACR,KAAK,EAAE;QACL,QAAQ,EAAE,UAAsB;QAChC,IAAI,EAAE,MAAkB;QACxB,MAAM,EAAE,QAAoB;QAC5B,GAAG,EAAE,KAAiB;QACtB,OAAO,EAAE,MAAkB;KAC5B;CACF,CAAC;AAaF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAoB,EAAE,MAAc,EAAE,KAAa;IAC7E,MAAM,MAAM,GAAgC;QAC1C,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,KAAK;QAClB,QAAQ,EAAE,KAAK;QACf,GAAG,EAAE,IAAI;QACT,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,KAAK;QACZ,iBAAiB,EAAE,KAAK;QACxB,eAAe,EAAE,KAAK;QACtB,gBAAgB,EAAE,KAAK;QACvB,UAAU,EAAE,IAAI;QAChB,KAAK,EAAE,KAAK;QACZ,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,KAAK;QACV,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,KAAK;KACd,CAAC;IAEF,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACpE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vaspera",
-  "version": "2.9.2",
+  "version": "2.10.0",
   "packageManager": "npm@10.2.4",
   "files": [
     "dist",
@@ -58,8 +58,8 @@
     "release": "npm run build && npm test && changeset publish"
   },
   "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@actions/github": "^6.0.0",
+    "@actions/core": "~3.0.1",
+    "@actions/github": "~9.1.1",
     "@anthropic-ai/sdk": "~0.91.1",
     "@modelcontextprotocol/sdk": "^1.12.1",
     "@sigstore/bundle": "~4.0.0",
@@ -68,6 +68,7 @@
     "glob": "^11.0.0",
     "proper-lockfile": "~4.1.2",
     "typescript": "^5.7.0",
+    "yaml": "~2.9.0",
     "zod": "^3.24.0"
   },
   "devDependencies": {
@@ -78,6 +79,7 @@
     "@types/proper-lockfile": "~4.1.4",
     "@vitest/coverage-v8": "~4.1.4",
     "concurrently": "^9.1.2",
+    "fast-check": "~4.8.0",
     "turbo": "~2.9.6",
     "vitest": "~4.1.4"
   }