vaspera 2.9.2 → 2.10.0

package/dist/__tests__/property-test-helpers.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Property-Based Testing Helpers
+ *
+ * Shared generators and utilities for property-based tests using fast-check.
+ *
+ * @module __tests__/property-test-helpers
+ */
+import * as fc from "fast-check";
+/**
+ * Arbitrary generators for common security testing patterns
+ */
+export declare const arbitraries: {
+    /**
+     * Valid identifier characters for path parameters
+     * Matches common conventions: alphanumeric + underscore, starting with letter/underscore
+     */
+    paramName: fc.Arbitrary<string>;
+    /**
+     * Generate a valid file path segment (no special chars)
+     */
+    pathSegment: fc.Arbitrary<string>;
+    /**
+     * Generate a valid file extension
+     */
+    fileExtension: fc.Arbitrary<"ts" | "py" | "go" | "rb" | "java" | "tsx" | "js" | "jsx">;
+    /**
+     * Generate a plural noun for singularization testing
+     */
+    pluralNoun: fc.Arbitrary<"entries" | "data" | "categories" | "matches" | "users" | "products" | "orders" | "items" | "companies" | "stories" | "addresses" | "statuses" | "boxes" | "bushes" | "media" | "sheep" | "fish">;
+    /**
+     * Generate an API path prefix
+     */
+    apiPrefix: fc.Arbitrary<"" | "/api" | "/api/v1" | "/api/v2" | "/v1" | "/v2">;
+};
+/**
+ * Generate a path with Express-style parameters (:param)
+ */
+export declare function expressPath(paramNames: string[]): string;
+/**
+ * Generate a path with Next.js-style parameters ([param])
+ */
+export declare function nextjsPath(paramNames: string[]): string;
+/**
+ * Generate a path with Flask-style parameters (<param> or <param:type>)
+ */
+export declare function flaskPath(paramNames: string[], withTypes?: boolean): string;
+/**
+ * Generate a path with Spring-style parameters ({param})
+ */
+export declare function springPath(paramNames: string[]): string;
+/**
+ * Generate a test file path
+ */
+export declare function testFilePath(stem: string, extension: string): string;
+/**
+ * Generate a spec file path
+ */
+export declare function specFilePath(stem: string, extension: string): string;
+/**
+ * Generate a node_modules file path
+ */
+export declare function nodeModulesPath(pkg: string, file: string): string;
+/**
+ * Generate a generated code file path
+ */
+export declare function generatedFilePath(stem: string): string;
+/**
+ * Generate a type definition file path
+ */
+export declare function dtsFilePath(stem: string): string;
+/**
+ * Arbitrary for generating arrays of unique parameter names
+ */
+export declare const uniqueParamNames: fc.Arbitrary<string[]>;
+/**
+ * Arbitrary for generating a file path with random structure
+ */
+export declare const filePath: fc.Arbitrary<string>;
+/**
+ * Check if a string contains any of the given characters
+ */
+export declare function containsAny(str: string, chars: string[]): boolean;
+/**
+ * Path parameter delimiter characters that should never appear in extracted params
+ */
+export declare const PARAM_DELIMITERS: string[];
+//# sourceMappingURL=property-test-helpers.d.ts.map

package/dist/__tests__/property-test-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"property-test-helpers.d.ts","sourceRoot":"","sources":["../../src/__tests__/property-test-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC;;GAEG;AACH,eAAO,MAAM,WAAW;IACtB;;;OAGG;;IAGH;;OAEG;;IAGH;;OAEG;;IAGH;;OAEG;;IAyBH;;OAEG;;CAEJ,CAAC;AAEF;;GAEG;AACH,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAGxD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAGvD;AAED;;GAEG;AACH,wBAAgB,SAAS,CACvB,UAAU,EAAE,MAAM,EAAE,EACpB,SAAS,GAAE,OAAe,GACzB,MAAM,CAcR;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAGvD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEpE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEpE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,wBAES,CAAC;AAEvC;;GAEG;AACH,eAAO,MAAM,QAAQ,sBAM4C,CAAC;AAElE;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAEjE;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,UAAsC,CAAC"}

package/dist/__tests__/property-test-helpers.js

@@ -0,0 +1,136 @@
+/**
+ * Property-Based Testing Helpers
+ *
+ * Shared generators and utilities for property-based tests using fast-check.
+ *
+ * @module __tests__/property-test-helpers
+ */
+import * as fc from "fast-check";
+/**
+ * Arbitrary generators for common security testing patterns
+ */
+export const arbitraries = {
+    /**
+     * Valid identifier characters for path parameters
+     * Matches common conventions: alphanumeric + underscore, starting with letter/underscore
+     */
+    paramName: fc.stringMatching(/^[a-zA-Z_][a-zA-Z0-9_]{0,15}$/),
+    /**
+     * Generate a valid file path segment (no special chars)
+     */
+    pathSegment: fc.stringMatching(/^[a-zA-Z0-9_-]{1,20}$/),
+    /**
+     * Generate a valid file extension
+     */
+    fileExtension: fc.constantFrom("ts", "js", "tsx", "jsx", "py", "go", "rb", "java"),
+    /**
+     * Generate a plural noun for singularization testing
+     */
+    pluralNoun: fc.oneof(
+    // Regular plurals (add 's')
+    fc.constant("users"), fc.constant("products"), fc.constant("orders"), fc.constant("items"), 
+    // -ies plurals (y -> ies)
+    fc.constant("categories"), fc.constant("companies"), fc.constant("stories"), fc.constant("entries"), 
+    // -es plurals
+    fc.constant("addresses"), fc.constant("statuses"), fc.constant("boxes"), fc.constant("matches"), fc.constant("bushes"), 
+    // Irregular or edge cases
+    fc.constant("data"), fc.constant("media"), fc.constant("sheep"), fc.constant("fish")),
+    /**
+     * Generate an API path prefix
+     */
+    apiPrefix: fc.constantFrom("/api", "/api/v1", "/api/v2", "/v1", "/v2", ""),
+};
+/**
+ * Generate a path with Express-style parameters (:param)
+ */
+export function expressPath(paramNames) {
+    if (paramNames.length === 0)
+        return "/api/resource";
+    return "/api/" + paramNames.map((p) => `:${p}`).join("/");
+}
+/**
+ * Generate a path with Next.js-style parameters ([param])
+ */
+export function nextjsPath(paramNames) {
+    if (paramNames.length === 0)
+        return "/api/resource";
+    return "/api/" + paramNames.map((p) => `[${p}]`).join("/");
+}
+/**
+ * Generate a path with Flask-style parameters (<param> or <param:type>)
+ */
+export function flaskPath(paramNames, withTypes = false) {
+    if (paramNames.length === 0)
+        return "/api/resource";
+    const types = ["int", "string", "path", "float"];
+    return ("/api/" +
+        paramNames
+            .map((p, i) => {
+            if (withTypes && i % 2 === 0) {
+                return `<${p}:${types[i % types.length]}>`;
+            }
+            return `<${p}>`;
+        })
+            .join("/"));
+}
+/**
+ * Generate a path with Spring-style parameters ({param})
+ */
+export function springPath(paramNames) {
+    if (paramNames.length === 0)
+        return "/api/resource";
+    return "/api/" + paramNames.map((p) => `{${p}}`).join("/");
+}
+/**
+ * Generate a test file path
+ */
+export function testFilePath(stem, extension) {
+    return `src/__tests__/${stem}.test.${extension}`;
+}
+/**
+ * Generate a spec file path
+ */
+export function specFilePath(stem, extension) {
+    return `src/${stem}.spec.${extension}`;
+}
+/**
+ * Generate a node_modules file path
+ */
+export function nodeModulesPath(pkg, file) {
+    return `node_modules/${pkg}/${file}`;
+}
+/**
+ * Generate a generated code file path
+ */
+export function generatedFilePath(stem) {
+    return `src/${stem}.generated.ts`;
+}
+/**
+ * Generate a type definition file path
+ */
+export function dtsFilePath(stem) {
+    return `src/${stem}.d.ts`;
+}
+/**
+ * Arbitrary for generating arrays of unique parameter names
+ */
+export const uniqueParamNames = fc
+    .array(arbitraries.paramName, { minLength: 1, maxLength: 5 })
+    .map((names) => [...new Set(names)]);
+/**
+ * Arbitrary for generating a file path with random structure
+ */
+export const filePath = fc
+    .tuple(fc.array(arbitraries.pathSegment, { minLength: 1, maxLength: 4 }), arbitraries.pathSegment, arbitraries.fileExtension)
+    .map(([dirs, name, ext]) => `${dirs.join("/")}/${name}.${ext}`);
+/**
+ * Check if a string contains any of the given characters
+ */
+export function containsAny(str, chars) {
+    return chars.some((c) => str.includes(c));
+}
+/**
+ * Path parameter delimiter characters that should never appear in extracted params
+ */
+export const PARAM_DELIMITERS = [":", "[", "]", "<", ">", "{", "}"];
+//# sourceMappingURL=property-test-helpers.js.map

package/dist/__tests__/property-test-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"property-test-helpers.js","sourceRoot":"","sources":["../../src/__tests__/property-test-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB;;;OAGG;IACH,SAAS,EAAE,EAAE,CAAC,cAAc,CAAC,+BAA+B,CAAC;IAE7D;;OAEG;IACH,WAAW,EAAE,EAAE,CAAC,cAAc,CAAC,uBAAuB,CAAC;IAEvD;;OAEG;IACH,aAAa,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC;IAElF;;OAEG;IACH,UAAU,EAAE,EAAE,CAAC,KAAK;IAClB,4BAA4B;IAC5B,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EACpB,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EACvB,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACrB,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC;IACpB,0BAA0B;IAC1B,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,EACzB,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EACxB,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EACtB,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;IACtB,cAAc;IACd,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EACxB,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EACvB,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EACpB,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EACtB,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACrB,0BAA0B;IAC1B,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EACnB,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EACpB,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EACpB,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CACpB;IAED;;OAEG;IACH,SAAS,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC;CAC3E,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,UAAoB;IAC9C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IACpD,OAAO,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,UAAoB;IAC7C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IACpD,OAAO,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CACvB,UAAoB,EACpB,YAAqB,KAAK;IAE1B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IACpD,MAAM,KAAK,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACjD,OAAO,CACL,OAAO;QACP,UAAU;aACP,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACZ,IAAI,SAAS,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC;YAC7C,CAAC;YACD,OAAO,IAAI,CAAC,GAAG,CAAC;QAClB,CAAC,CAAC;aACD,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,UAAoB;IAC7C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IACpD,OAAO,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,SAAiB;IAC1D,OAAO,iBAAiB,IAAI,SAAS,SAAS,EAAE,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,SAAiB;IAC1D,OAAO,OAAO,IAAI,SAAS,SAAS,EAAE,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,IAAY;IACvD,OAAO,gBAAgB,GAAG,IAAI,IAAI,EAAE,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,OAAO,OAAO,IAAI,eAAe,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,OAAO,IAAI,OAAO,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE;KAC/B,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;KAC5D,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAEvC;;GAEG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG,EAAE;KACvB,KAAK,CACJ,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,EACjE,WAAW,CAAC,WAAW,EACvB,WAAW,CAAC,aAAa,CAC1B;KACA,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;AAElE;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,KAAe;IACtD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC"}

package/dist/__tests__/scanners/dast/index.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.test.d.ts.map

package/dist/__tests__/scanners/dast/index.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/dast/index.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/dast/index.test.js

@@ -0,0 +1,183 @@
+import { describe, it, expect } from "vitest";
+import { formatDASTFindings, convertToSARIF, getDASTInstallInstructions, } from "../../../scanners/dast/index.js";
+describe("dast index", () => {
+    describe("formatDASTFindings", () => {
+        it("returns message for empty findings", () => {
+            const result = formatDASTFindings([]);
+            expect(result).toBe("No vulnerabilities found.");
+        });
+        it("formats findings grouped by severity", () => {
+            const findings = [
+                createMockFinding({ severity: "critical", name: "SQL Injection" }),
+                createMockFinding({ severity: "high", name: "XSS" }),
+                createMockFinding({ severity: "medium", name: "CSRF" }),
+            ];
+            const result = formatDASTFindings(findings);
+            expect(result).toContain("## DAST Scan Results");
+            expect(result).toContain("Found 3 unique vulnerabilities");
+            expect(result).toContain("### 🔴 CRITICAL (1)");
+            expect(result).toContain("### 🟠 HIGH (1)");
+            expect(result).toContain("### 🟡 MEDIUM (1)");
+            expect(result).toContain("SQL Injection");
+            expect(result).toContain("XSS");
+            expect(result).toContain("CSRF");
+        });
+        it("includes CWE IDs when present", () => {
+            const findings = [
+                createMockFinding({ cweIds: ["CWE-89", "CWE-564"] }),
+            ];
+            const result = formatDASTFindings(findings);
+            expect(result).toContain("CWE: CWE-89, CWE-564");
+        });
+        it("includes truncated solution when present", () => {
+            const longSolution = "A".repeat(300);
+            const findings = [
+                createMockFinding({ solution: longSolution }),
+            ];
+            const result = formatDASTFindings(findings);
+            expect(result).toContain("Fix:");
+            expect(result).toContain("...");
+            expect(result.length).toBeLessThan(longSolution.length + 500);
+        });
+        it("shows scanner name for each finding", () => {
+            const findings = [
+                createMockFinding({ scanner: "zap", name: "From ZAP" }),
+                createMockFinding({ scanner: "nuclei", name: "From Nuclei" }),
+            ];
+            const result = formatDASTFindings(findings);
+            expect(result).toContain("(zap)");
+            expect(result).toContain("(nuclei)");
+        });
+    });
+    describe("convertToSARIF", () => {
+        it("generates valid SARIF structure", () => {
+            const result = createMockAggregatedResult();
+            const sarif = convertToSARIF(result);
+            expect(sarif.$schema).toContain("sarif-schema-2.1.0");
+            expect(sarif.version).toBe("2.1.0");
+            expect(sarif.runs).toHaveLength(1);
+            expect(sarif.runs[0].tool.driver.name).toBe("Vaspera DAST");
+        });
+        it("includes rules for each unique finding", () => {
+            const result = createMockAggregatedResult([
+                createMockFinding({ ruleId: "zap-40012", name: "XSS" }),
+                createMockFinding({ ruleId: "nuclei-CVE-2021-44228", name: "Log4j" }),
+            ]);
+            const sarif = convertToSARIF(result);
+            const rules = sarif.runs[0].tool.driver.rules;
+            expect(rules).toHaveLength(2);
+            expect(rules.map((r) => r.id)).toContain("zap-40012");
+            expect(rules.map((r) => r.id)).toContain("nuclei-CVE-2021-44228");
+        });
+        it("deduplicates rules", () => {
+            const result = createMockAggregatedResult([
+                createMockFinding({ ruleId: "zap-40012", url: "https://a.com" }),
+                createMockFinding({ ruleId: "zap-40012", url: "https://b.com" }),
+            ]);
+            const sarif = convertToSARIF(result);
+            expect(sarif.runs[0].tool.driver.rules).toHaveLength(1);
+            expect(sarif.runs[0].results).toHaveLength(2);
+        });
+        it("maps severity to SARIF levels", () => {
+            const result = createMockAggregatedResult([
+                createMockFinding({ severity: "critical", ruleId: "rule-1" }),
+                createMockFinding({ severity: "high", ruleId: "rule-2" }),
+                createMockFinding({ severity: "medium", ruleId: "rule-3" }),
+                createMockFinding({ severity: "low", ruleId: "rule-4" }),
+            ]);
+            const sarif = convertToSARIF(result);
+            const results = sarif.runs[0].results;
+            const findLevel = (ruleId) => results.find((r) => r.ruleId === ruleId)?.level;
+            expect(findLevel("rule-1")).toBe("error");
+            expect(findLevel("rule-2")).toBe("error");
+            expect(findLevel("rule-3")).toBe("warning");
+            expect(findLevel("rule-4")).toBe("note");
+        });
+        it("includes finding properties", () => {
+            const result = createMockAggregatedResult([
+                createMockFinding({
+                    scanner: "zap",
+                    confidence: 90,
+                    cweIds: ["CWE-79"],
+                    cveIds: ["CVE-2021-12345"],
+                    evidence: "test evidence",
+                }),
+            ]);
+            const sarif = convertToSARIF(result);
+            const props = sarif.runs[0].results[0].properties;
+            expect(props.scanner).toBe("zap");
+            expect(props.confidence).toBe(90);
+            expect(props.cweIds).toContain("CWE-79");
+            expect(props.cveIds).toContain("CVE-2021-12345");
+            expect(props.evidence).toBe("test evidence");
+        });
+    });
+    describe("getDASTInstallInstructions", () => {
+        it("returns success message when all tools available", () => {
+            const availability = [
+                { scanner: "zap", available: true, version: "2.14.0" },
+                { scanner: "nuclei", available: true, version: "3.1.0" },
+            ];
+            const result = getDASTInstallInstructions(availability);
+            expect(result).toBe("All DAST tools are installed and available.");
+        });
+        it("returns ZAP instructions when ZAP unavailable", () => {
+            const availability = [
+                { scanner: "zap", available: false, error: "Not found" },
+                { scanner: "nuclei", available: true, version: "3.1.0" },
+            ];
+            const result = getDASTInstallInstructions(availability);
+            expect(result).toContain("OWASP ZAP");
+            expect(result).toContain("docker pull owasp/zap2docker-stable");
+        });
+        it("returns Nuclei instructions when Nuclei unavailable", () => {
+            const availability = [
+                { scanner: "zap", available: true, version: "2.14.0" },
+                { scanner: "nuclei", available: false, error: "Not found" },
+            ];
+            const result = getDASTInstallInstructions(availability);
+            expect(result).toContain("Nuclei");
+            expect(result).toContain("go install");
+        });
+        it("returns both instructions when both unavailable", () => {
+            const availability = [
+                { scanner: "zap", available: false, error: "Not found" },
+                { scanner: "nuclei", available: false, error: "Not found" },
+            ];
+            const result = getDASTInstallInstructions(availability);
+            expect(result).toContain("OWASP ZAP");
+            expect(result).toContain("Nuclei");
+            expect(result).toContain("docker pull owasp/zap2docker-stable");
+            expect(result).toContain("go install");
+        });
+    });
+});
+function createMockFinding(overrides = {}) {
+    return {
+        scanner: "zap",
+        ruleId: "zap-test",
+        name: "Test Finding",
+        description: "Test description",
+        severity: "medium",
+        confidence: 80,
+        url: "https://example.com/test",
+        timestamp: new Date().toISOString(),
+        ...overrides,
+    };
+}
+function createMockAggregatedResult(findings = [createMockFinding()]) {
+    const target = { url: "https://example.com" };
+    return {
+        timestamp: new Date().toISOString(),
+        target,
+        scanners: [],
+        totalFindings: findings.length,
+        uniqueFindings: findings,
+        bySeverity: {},
+        byScanner: { zap: 0, nuclei: 0 },
+        totalDuration: 1000,
+        allSucceeded: true,
+        failedScanners: [],
+    };
+}
+//# sourceMappingURL=index.test.js.map

package/dist/__tests__/scanners/dast/index.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/dast/index.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,0BAA0B,GAC3B,MAAM,iCAAiC,CAAC;AAQzC,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,MAAM,GAAG,kBAAkB,CAAC,EAAE,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,QAAQ,GAAkB;gBAC9B,iBAAiB,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;gBAClE,iBAAiB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;gBACpD,iBAAiB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;aACxD,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAAkB;gBAC9B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC;aACrD,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACrC,MAAM,QAAQ,GAAkB;gBAC9B,iBAAiB,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAkB;gBAC9B,iBAAiB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;gBACvD,iBAAiB,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;aAC9D,CAAC;YAEF,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,MAAM,GAAG,0BAA0B,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAOlC,CAAC;YAEF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,0BAA0B,CAAC;gBACxC,iBAAiB,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;gBACvD,iBAAiB,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aACtE,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAElC,CAAC;YACF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;YAE9C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;YAC5B,MAAM,MAAM,GAAG,0BAA0B,CAAC;gBACxC,iBAAiB,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC;gBAChE,iBAAiB,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC;aACjE,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAKlC,CAAC;YAEF,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,MAAM,GAAG,0BAA0B,CAAC;gBACxC,iBAAiB,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;gBAC7D,iBAAiB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACzD,iBAAiB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;gBAC3D,iBAAiB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;aACzD,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAElC,CAAC;YACF,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YAEtC,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,CACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC;YAElD,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5C,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,0BAA0B,CAAC;gBACxC,iBAAiB,CAAC;oBAChB,OAAO,EAAE,KAAK;oBACd,UAAU,EAAE,EAAE;oBACd,MAAM,EAAE,CAAC,QAAQ,CAAC;oBAClB,MAAM,EAAE,CAAC,gBAAgB,CAAC;oBAC1B,QAAQ,EAAE,eAAe;iBAC1B,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAYlC,CAAC;YACF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;YAElD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;YACjD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,YAAY,GAAuB;gBACvC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE;gBACtD,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE;aACzD,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAC;YAExD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,YAAY,GAAuB;gBACvC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE;gBACxD,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE;aACzD,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAC;YAExD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,qCAAqC,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,YAAY,GAAuB;gBACvC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE;gBACtD,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE;aAC5D,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAC;YAExD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,MAAM,YAAY,GAAuB;gBACvC,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE;gBACxD,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE;aAC5D,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAC;YAExD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,qCAAqC,CAAC,CAAC;YAChE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,iBAAiB,CAAC,YAAkC,EAAE;IAC7D,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,UAAU;QAClB,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,kBAAkB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,EAAE;QACd,GAAG,EAAE,0BAA0B;QAC/B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CACjC,WAA0B,CAAC,iBAAiB,EAAE,CAAC;IAE/C,MAAM,MAAM,GAAe,EAAE,GAAG,EAAE,qBAAqB,EAAE,CAAC;IAE1D,OAAO;QACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM;QACN,QAAQ,EAAE,EAAE;QACZ,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,cAAc,EAAE,QAAQ;QACxB,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE;QAChC,aAAa,EAAE,IAAI;QACnB,YAAY,EAAE,IAAI;QAClB,cAAc,EAAE,EAAE;KACnB,CAAC;AACJ,CAAC"}

package/dist/__tests__/scanners/dast/nuclei.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=nuclei.test.d.ts.map

package/dist/__tests__/scanners/dast/nuclei.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nuclei.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/dast/nuclei.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/dast/nuclei.test.js

@@ -0,0 +1,166 @@
+import { describe, it, expect } from "vitest";
+import { parseNucleiResult } from "../../../scanners/dast/nuclei.js";
+describe("nuclei scanner", () => {
+    describe("parseNucleiResult", () => {
+        it("parses Nuclei result to DASTFinding", () => {
+            const result = {
+                template: "cves/2021/CVE-2021-44228.yaml",
+                "template-url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2021/CVE-2021-44228.yaml",
+                "template-id": "CVE-2021-44228",
+                "template-path": "/path/to/templates/cves/2021/CVE-2021-44228.yaml",
+                info: {
+                    name: "Apache Log4j RCE",
+                    author: ["pdteam"],
+                    tags: ["cve", "cve2021", "rce", "log4j", "apache"],
+                    description: "Apache Log4j2 <=2.14.1 JNDI features...",
+                    reference: [
+                        "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
+                        "https://logging.apache.org/log4j/2.x/security.html",
+                    ],
+                    severity: "critical",
+                    metadata: { "max-request": 1 },
+                    classification: {
+                        "cve-id": ["CVE-2021-44228"],
+                        "cwe-id": ["CWE-502", "CWE-400"],
+                    },
+                },
+                type: "http",
+                host: "https://vulnerable-app.com",
+                matched: "https://vulnerable-app.com/api/log",
+                "extracted-results": ["${jndi:ldap://...}"],
+                ip: "192.168.1.1",
+                timestamp: "2024-01-15T10:30:00Z",
+                matcher: "regex",
+                "curl-command": "curl -X POST ...",
+                request: "POST /api/log HTTP/1.1\n...",
+                response: "HTTP/1.1 200 OK\n...",
+            };
+            const finding = parseNucleiResult(result);
+            expect(finding.scanner).toBe("nuclei");
+            expect(finding.ruleId).toBe("nuclei-CVE-2021-44228");
+            expect(finding.name).toBe("Apache Log4j RCE");
+            expect(finding.severity).toBe("critical");
+            expect(finding.confidence).toBe(95);
+            expect(finding.url).toBe("https://vulnerable-app.com/api/log");
+            expect(finding.cweIds).toContain("CWE-502");
+            expect(finding.cweIds).toContain("CWE-400");
+            expect(finding.cveIds).toContain("CVE-2021-44228");
+            expect(finding.tags).toContain("cve");
+            expect(finding.tags).toContain("log4j");
+            expect(finding.evidence).toBe("${jndi:ldap://...}");
+            expect(finding.references).toContain("https://nvd.nist.gov/vuln/detail/CVE-2021-44228");
+            expect(finding.references).toContain("https://github.com/projectdiscovery/nuclei-templates/blob/main/cves/2021/CVE-2021-44228.yaml");
+        });
+        it("maps Nuclei severity levels correctly", () => {
+            const severities = ["critical", "high", "medium", "low", "info", "unknown"];
+            const expected = ["critical", "high", "medium", "low", "info", "info"];
+            for (let i = 0; i < severities.length; i++) {
+                const result = createMockNucleiResult({ severity: severities[i] });
+                const finding = parseNucleiResult(result);
+                expect(finding.severity).toBe(expected[i]);
+            }
+        });
+        it("assigns confidence based on severity", () => {
+            const testCases = [
+                { severity: "critical", expectedConfidence: 95 },
+                { severity: "high", expectedConfidence: 90 },
+                { severity: "medium", expectedConfidence: 80 },
+                { severity: "low", expectedConfidence: 70 },
+                { severity: "info", expectedConfidence: 60 },
+            ];
+            for (const { severity, expectedConfidence } of testCases) {
+                const result = createMockNucleiResult({ severity });
+                const finding = parseNucleiResult(result);
+                expect(finding.confidence).toBe(expectedConfidence);
+            }
+        });
+        it("handles results without optional fields", () => {
+            const result = {
+                template: "http/misconfiguration/debug-enabled.yaml",
+                "template-id": "debug-enabled",
+                info: {
+                    name: "Debug Mode Enabled",
+                    author: ["tester"],
+                    tags: ["misconfiguration"],
+                    severity: "medium",
+                },
+                type: "http",
+                host: "https://example.com",
+                matched: "https://example.com/debug",
+                timestamp: "2024-01-15T10:30:00Z",
+            };
+            const finding = parseNucleiResult(result);
+            expect(finding.scanner).toBe("nuclei");
+            expect(finding.ruleId).toBe("nuclei-debug-enabled");
+            expect(finding.description).toBe("Debug Mode Enabled detected");
+            expect(finding.cweIds).toBeUndefined();
+            expect(finding.cveIds).toBeUndefined();
+            expect(finding.evidence).toBeUndefined();
+        });
+        it("extracts HTTP method from request", () => {
+            const postResult = createMockNucleiResult({ request: "POST /api/data HTTP/1.1\nHost: example.com" });
+            const getResult = createMockNucleiResult({ request: "GET /api/data HTTP/1.1\nHost: example.com" });
+            const putResult = createMockNucleiResult({ request: "PUT /api/data HTTP/1.1\nHost: example.com" });
+            expect(parseNucleiResult(postResult).method).toBe("POST");
+            expect(parseNucleiResult(getResult).method).toBe("GET");
+            expect(parseNucleiResult(putResult).method).toBe("PUT");
+        });
+        it("uses host as url fallback when matched is not present", () => {
+            const result = {
+                template: "test.yaml",
+                "template-id": "test",
+                info: {
+                    name: "Test",
+                    author: ["tester"],
+                    tags: [],
+                    severity: "info",
+                },
+                type: "http",
+                host: "https://example.com",
+                matched: "",
+                timestamp: "2024-01-15T10:30:00Z",
+            };
+            const finding = parseNucleiResult(result);
+            expect(finding.url).toBe("https://example.com");
+        });
+        it("formats CWE IDs with prefix", () => {
+            const result = createMockNucleiResult({
+                classification: {
+                    "cwe-id": ["79", "CWE-89"],
+                },
+            });
+            const finding = parseNucleiResult(result);
+            expect(finding.cweIds).toContain("CWE-79");
+            expect(finding.cweIds).toContain("CWE-89");
+        });
+        it("joins multiple extracted results as evidence", () => {
+            const result = createMockNucleiResult({
+                "extracted-results": ["result1", "result2", "result3"],
+            });
+            const finding = parseNucleiResult(result);
+            expect(finding.evidence).toBe("result1\nresult2\nresult3");
+        });
+    });
+});
+function createMockNucleiResult(overrides = {}) {
+    const { severity, classification, request, "extracted-results": extractedResults, ...rest } = overrides;
+    return {
+        template: "test/template.yaml",
+        "template-id": "test-template",
+        info: {
+            name: "Test Template",
+            author: ["tester"],
+            tags: ["test"],
+            severity: severity || "medium",
+            classification: classification,
+        },
+        type: "http",
+        host: "https://test.example.com",
+        matched: "https://test.example.com/path",
+        timestamp: "2024-01-15T10:30:00Z",
+        request: request,
+        "extracted-results": extractedResults,
+        ...rest,
+    };
+}
+//# sourceMappingURL=nuclei.test.js.map

package/dist/__tests__/scanners/dast/nuclei.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nuclei.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/dast/nuclei.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAGrE,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAiB;gBAC3B,QAAQ,EAAE,+BAA+B;gBACzC,cAAc,EAAE,8FAA8F;gBAC9G,aAAa,EAAE,gBAAgB;gBAC/B,eAAe,EAAE,kDAAkD;gBACnE,IAAI,EAAE;oBACJ,IAAI,EAAE,kBAAkB;oBACxB,MAAM,EAAE,CAAC,QAAQ,CAAC;oBAClB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;oBAClD,WAAW,EAAE,yCAAyC;oBACtD,SAAS,EAAE;wBACT,iDAAiD;wBACjD,oDAAoD;qBACrD;oBACD,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE;oBAC9B,cAAc,EAAE;wBACd,QAAQ,EAAE,CAAC,gBAAgB,CAAC;wBAC5B,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;qBACjC;iBACF;gBACD,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,OAAO,EAAE,oCAAoC;gBAC7C,mBAAmB,EAAE,CAAC,oBAAoB,CAAC;gBAC3C,EAAE,EAAE,aAAa;gBACjB,SAAS,EAAE,sBAAsB;gBACjC,OAAO,EAAE,OAAO;gBAChB,cAAc,EAAE,kBAAkB;gBAClC,OAAO,EAAE,6BAA6B;gBACtC,QAAQ,EAAE,sBAAsB;aACjC,CAAC;YAEF,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC9C,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACpC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACtC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACpD,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,iDAAiD,CAAC,CAAC;YACxF,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,8FAA8F,CAAC,CAAC;QACvI,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,UAAU,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YAC5E,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAEvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,MAAM,GAAG,sBAAsB,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACnE,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,SAAS,GAAG;gBAChB,EAAE,QAAQ,EAAE,UAAU,EAAE,kBAAkB,EAAE,EAAE,EAAE;gBAChD,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,EAAE;gBAC5C,EAAE,QAAQ,EAAE,QAAQ,EAAE,kBAAkB,EAAE,EAAE,EAAE;gBAC9C,EAAE,QAAQ,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,EAAE;gBAC3C,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,EAAE;aAC7C,CAAC;YAEF,KAAK,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,IAAI,SAAS,EAAE,CAAC;gBACzD,MAAM,MAAM,GAAG,sBAAsB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;gBACpD,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YACtD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,MAAM,GAAiB;gBAC3B,QAAQ,EAAE,0CAA0C;gBACpD,aAAa,EAAE,eAAe;gBAC9B,IAAI,EAAE;oBACJ,IAAI,EAAE,oBAAoB;oBAC1B,MAAM,EAAE,CAAC,QAAQ,CAAC;oBAClB,IAAI,EAAE,CAAC,kBAAkB,CAAC;oBAC1B,QAAQ,EAAE,QAAQ;iBACnB;gBACD,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE,2BAA2B;gBACpC,SAAS,EAAE,sBAAsB;aAClC,CAAC;YAEF,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACpD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAChE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;YACvC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;YACvC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,aAAa,EAAE,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,UAAU,GAAG,sBAAsB,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;YACrG,MAAM,SAAS,GAAG,sBAAsB,CAAC,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC,CAAC;YACnG,MAAM,SAAS,GAAG,sBAAsB,CAAC,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC,CAAC;YAEnG,MAAM,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1D,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxD,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,MAAM,GAAiB;gBAC3B,QAAQ,EAAE,WAAW;gBACrB,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE;oBACJ,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,CAAC,QAAQ,CAAC;oBAClB,IAAI,EAAE,EAAE;oBACR,QAAQ,EAAE,MAAM;iBACjB;gBACD,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,sBAAsB;aAClC,CAAC;YAEF,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC;gBACpC,cAAc,EAAE;oBACd,QAAQ,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC;iBAC3B;aACF,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,sBAAsB,CAAC;gBACpC,mBAAmB,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;aACvD,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAE1C,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,sBAAsB,CAAC,YAK5B,EAAE;IACJ,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,IAAI,EAAE,GAAG,SAAS,CAAC;IAExG,OAAO;QACL,QAAQ,EAAE,oBAAoB;QAC9B,aAAa,EAAE,eAAe;QAC9B,IAAI,EAAE;YACJ,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,CAAC,QAAQ,CAAC;YAClB,IAAI,EAAE,CAAC,MAAM,CAAC;YACd,QAAQ,EAAE,QAAQ,IAAI,QAAQ;YAC9B,cAAc,EAAE,cAAc;SAC/B;QACD,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,+BAA+B;QACxC,SAAS,EAAE,sBAAsB;QACjC,OAAO,EAAE,OAAO;QAChB,mBAAmB,EAAE,gBAAgB;QACrC,GAAG,IAAI;KACR,CAAC;AACJ,CAAC"}

package/dist/__tests__/scanners/dast/zap.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=zap.test.d.ts.map

package/dist/__tests__/scanners/dast/zap.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zap.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/dast/zap.test.ts"],"names":[],"mappings":""}