vaspera 2.9.2 → 2.10.1

package/dist/scanners/dast/types.d.ts

@@ -0,0 +1,306 @@
+/**
+ * DAST Scanner Types
+ *
+ * Types for Dynamic Application Security Testing integrations
+ * with OWASP ZAP and Nuclei.
+ *
+ * @module scanners/dast/types
+ */
+import type { Severity } from "../../certification/types.js";
+/**
+ * DAST scanner types
+ */
+export type DASTScanner = "zap" | "nuclei";
+/**
+ * Authentication types for DAST scans
+ */
+export type AuthType = "none" | "basic" | "bearer" | "cookie" | "oauth2" | "api-key";
+/**
+ * Target for DAST scanning
+ */
+export interface DASTTarget {
+    /** Base URL to scan */
+    url: string;
+    /** Optional name for the target */
+    name?: string;
+    /** Authentication configuration */
+    authentication?: DASTAuthentication;
+    /** Custom headers to include */
+    headers?: Record<string, string>;
+    /** URL patterns to include in scan scope */
+    scope?: string[];
+    /** URL patterns to exclude from scan */
+    exclude?: string[];
+    /** OpenAPI/Swagger spec URL for API scanning */
+    openApiUrl?: string;
+    /** GraphQL endpoint for GraphQL scanning */
+    graphqlUrl?: string;
+}
+/**
+ * Authentication configuration
+ */
+export interface DASTAuthentication {
+    /** Authentication type */
+    type: AuthType;
+    /** Credentials based on auth type */
+    credentials: {
+        /** Username for basic auth */
+        username?: string;
+        /** Password for basic auth */
+        password?: string;
+        /** Bearer token */
+        token?: string;
+        /** Cookie string */
+        cookie?: string;
+        /** API key */
+        apiKey?: string;
+        /** API key header name */
+        apiKeyHeader?: string;
+        /** OAuth2 client ID */
+        clientId?: string;
+        /** OAuth2 client secret */
+        clientSecret?: string;
+        /** OAuth2 token URL */
+        tokenUrl?: string;
+    };
+}
+/**
+ * Scan policy/configuration
+ */
+export interface DASTPolicy {
+    /** Only run passive scans (no active attacks) */
+    passiveOnly?: boolean;
+    /** Risk threshold to report */
+    riskThreshold?: "high" | "medium" | "low" | "informational";
+    /** Maximum scan duration in seconds */
+    maxDuration?: number;
+    /** Specific Nuclei template paths or tags */
+    templates?: string[];
+    /** Nuclei template tags to include */
+    templateTags?: string[];
+    /** Nuclei template tags to exclude */
+    excludeTags?: string[];
+    /** ZAP scan policy name */
+    zapPolicy?: string;
+    /** Enable AJAX spider for JavaScript-heavy apps */
+    ajaxSpider?: boolean;
+    /** Maximum depth for spidering */
+    maxDepth?: number;
+    /** Maximum children per node for spidering */
+    maxChildren?: number;
+    /** Delay between requests in milliseconds */
+    requestDelay?: number;
+    /** Number of concurrent threads */
+    threads?: number;
+}
+/**
+ * Default DAST policy
+ */
+export declare const DEFAULT_DAST_POLICY: DASTPolicy;
+/**
+ * A finding from a DAST scanner
+ */
+export interface DASTFinding {
+    /** Which scanner found this */
+    scanner: DASTScanner;
+    /** Rule/template ID */
+    ruleId: string;
+    /** Human-readable name */
+    name: string;
+    /** Description of the vulnerability */
+    description: string;
+    /** Severity level */
+    severity: Severity;
+    /** Confidence level (0-100) */
+    confidence: number;
+    /** Affected URL */
+    url: string;
+    /** HTTP method */
+    method?: string;
+    /** Attack parameter/input */
+    parameter?: string;
+    /** Evidence/proof of vulnerability */
+    evidence?: string;
+    /** Attack payload used */
+    attack?: string;
+    /** CWE IDs */
+    cweIds?: string[];
+    /** CVE IDs */
+    cveIds?: string[];
+    /** Reference URLs */
+    references?: string[];
+    /** Suggested solution */
+    solution?: string;
+    /** Raw scanner output */
+    rawOutput?: Record<string, unknown>;
+    /** Tags/labels */
+    tags?: string[];
+    /** Timestamp when found */
+    timestamp: string;
+}
+/**
+ * Result from running a DAST scanner
+ */
+export interface DASTScanResult {
+    /** Scanner used */
+    scanner: DASTScanner;
+    /** Target that was scanned */
+    target: DASTTarget;
+    /** Findings discovered */
+    findings: DASTFinding[];
+    /** Scan duration in milliseconds */
+    duration: number;
+    /** Whether scan completed successfully */
+    success: boolean;
+    /** Error message if failed */
+    error?: string;
+    /** Scan statistics */
+    stats: {
+        /** Total requests made */
+        requestCount: number;
+        /** URLs discovered */
+        urlsDiscovered: number;
+        /** Unique findings */
+        uniqueFindings: number;
+        /** Findings by severity */
+        bySeverity: Partial<Record<Severity, number>>;
+    };
+    /** Scanner version */
+    version?: string;
+    /** Scan start time */
+    startTime: string;
+    /** Scan end time */
+    endTime: string;
+    /** Policy used */
+    policy: DASTPolicy;
+}
+/**
+ * Aggregated results from multiple DAST scanners
+ */
+export interface AggregatedDASTResult {
+    /** Timestamp */
+    timestamp: string;
+    /** Target scanned */
+    target: DASTTarget;
+    /** Results from each scanner */
+    scanners: DASTScanResult[];
+    /** Total findings across all scanners */
+    totalFindings: number;
+    /** Deduplicated findings */
+    uniqueFindings: DASTFinding[];
+    /** Findings by severity */
+    bySeverity: Partial<Record<Severity, number>>;
+    /** Findings by scanner */
+    byScanner: Record<DASTScanner, number>;
+    /** Total scan duration */
+    totalDuration: number;
+    /** Whether all scanners succeeded */
+    allSucceeded: boolean;
+    /** Scanners that failed */
+    failedScanners: DASTScanner[];
+}
+/**
+ * DAST scanner availability status
+ */
+export interface DASTAvailability {
+    scanner: DASTScanner;
+    available: boolean;
+    version?: string;
+    path?: string;
+    error?: string;
+    features?: {
+        passiveScan: boolean;
+        activeScan: boolean;
+        apiScan: boolean;
+        authentication: boolean;
+    };
+}
+/**
+ * Options for running DAST scans
+ */
+export interface DASTScanOptions {
+    /** Scanners to run */
+    scanners?: DASTScanner[];
+    /** Scan policy */
+    policy?: DASTPolicy;
+    /** Output format */
+    outputFormat?: "json" | "sarif" | "html";
+    /** Save report to file */
+    reportPath?: string;
+    /** Verbose output */
+    verbose?: boolean;
+    /** Confirmation that scan is authorized */
+    authorized: boolean;
+}
+/**
+ * ZAP-specific alert structure
+ */
+export interface ZAPAlert {
+    sourceid: string;
+    other: string;
+    method: string;
+    evidence: string;
+    pluginId: string;
+    cweid: string;
+    confidence: string;
+    wascid: string;
+    description: string;
+    messageId: string;
+    inputVector: string;
+    url: string;
+    tags: Record<string, string>;
+    reference: string;
+    solution: string;
+    alert: string;
+    param: string;
+    attack: string;
+    name: string;
+    risk: string;
+    id: string;
+    alertRef: string;
+}
+/**
+ * Nuclei-specific result structure
+ */
+export interface NucleiResult {
+    template: string;
+    "template-url"?: string;
+    "template-id": string;
+    "template-path"?: string;
+    info: {
+        name: string;
+        author: string[];
+        tags: string[];
+        description?: string;
+        reference?: string[];
+        severity: string;
+        metadata?: Record<string, unknown>;
+        classification?: {
+            "cve-id"?: string[];
+            "cwe-id"?: string[];
+        };
+    };
+    type: string;
+    host: string;
+    matched: string;
+    "extracted-results"?: string[];
+    ip?: string;
+    timestamp: string;
+    matcher?: string;
+    "curl-command"?: string;
+    request?: string;
+    response?: string;
+}
+/**
+ * Map ZAP risk levels to severity
+ */
+export declare const ZAP_RISK_MAPPING: Record<string, Severity>;
+/**
+ * Map ZAP confidence levels to numeric values
+ */
+export declare const ZAP_CONFIDENCE_MAPPING: Record<string, number>;
+/**
+ * Map Nuclei severity to vaspera severity
+ */
+export declare const NUCLEI_SEVERITY_MAPPING: Record<string, Severity>;
+//# sourceMappingURL=types.d.ts.map

package/dist/scanners/dast/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/scanners/dast/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAE7D;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAAC;AAE3C;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAErF;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IAEZ,mCAAmC;IACnC,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,mCAAmC;IACnC,cAAc,CAAC,EAAE,kBAAkB,CAAC;IAEpC,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAEjB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,0BAA0B;IAC1B,IAAI,EAAE,QAAQ,CAAC;IAEf,qCAAqC;IACrC,WAAW,EAAE;QACX,8BAA8B;QAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,8BAA8B;QAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,mBAAmB;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,oBAAoB;QACpB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,cAAc;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,0BAA0B;QAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,uBAAuB;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,2BAA2B;QAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,uBAAuB;QACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,+BAA+B;IAC/B,aAAa,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,eAAe,CAAC;IAE5D,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IAErB,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB,2BAA2B;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,mDAAmD;IACnD,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,6CAA6C;IAC7C,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,UASjC,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,OAAO,EAAE,WAAW,CAAC;IAErB,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IAEf,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IAEb,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IAEpB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IAEnB,mBAAmB;IACnB,GAAG,EAAE,MAAM,CAAC;IAEZ,kBAAkB;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,0BAA0B;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,cAAc;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,cAAc;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,qBAAqB;IACrB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,yBAAyB;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEpC,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAEhB,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,mBAAmB;IACnB,OAAO,EAAE,WAAW,CAAC;IAErB,8BAA8B;IAC9B,MAAM,EAAE,UAAU,CAAC;IAEnB,0BAA0B;IAC1B,QAAQ,EAAE,WAAW,EAAE,CAAC;IAExB,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAC;IAEjB,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IAEjB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,sBAAsB;IACtB,KAAK,EAAE;QACL,0BAA0B;QAC1B,YAAY,EAAE,MAAM,CAAC;QACrB,sBAAsB;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,sBAAsB;QACtB,cAAc,EAAE,MAAM,CAAC;QACvB,2BAA2B;QAC3B,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;KAC/C,CAAC;IAEF,sBAAsB;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAElB,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAEhB,kBAAkB;IAClB,MAAM,EAAE,UAAU,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;IAElB,qBAAqB;IACrB,MAAM,EAAE,UAAU,CAAC;IAEnB,gCAAgC;IAChC,QAAQ,EAAE,cAAc,EAAE,CAAC;IAE3B,yCAAyC;IACzC,aAAa,EAAE,MAAM,CAAC;IAEtB,4BAA4B;IAC5B,cAAc,EAAE,WAAW,EAAE,CAAC;IAE9B,2BAA2B;IAC3B,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;IAE9C,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAEvC,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAC;IAEtB,qCAAqC;IACrC,YAAY,EAAE,OAAO,CAAC;IAEtB,2BAA2B;IAC3B,cAAc,EAAE,WAAW,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,WAAW,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE;QACT,WAAW,EAAE,OAAO,CAAC;QACrB,UAAU,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,sBAAsB;IACtB,QAAQ,CAAC,EAAE,WAAW,EAAE,CAAC;IAEzB,kBAAkB;IAClB,MAAM,CAAC,EAAE,UAAU,CAAC;IAEpB,oBAAoB;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;IAEzC,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,qBAAqB;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,2CAA2C;IAC3C,UAAU,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,cAAc,CAAC,EAAE;YACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;YACpB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;SACrB,CAAC;KACH,CAAC;IACF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAKrD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAMzD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAO5D,CAAC"}

package/dist/scanners/dast/types.js

@@ -0,0 +1,52 @@
+/**
+ * DAST Scanner Types
+ *
+ * Types for Dynamic Application Security Testing integrations
+ * with OWASP ZAP and Nuclei.
+ *
+ * @module scanners/dast/types
+ */
+/**
+ * Default DAST policy
+ */
+export const DEFAULT_DAST_POLICY = {
+    passiveOnly: true,
+    riskThreshold: "medium",
+    maxDuration: 300,
+    ajaxSpider: false,
+    maxDepth: 5,
+    maxChildren: 10,
+    requestDelay: 0,
+    threads: 10,
+};
+/**
+ * Map ZAP risk levels to severity
+ */
+export const ZAP_RISK_MAPPING = {
+    "High": "high",
+    "Medium": "medium",
+    "Low": "low",
+    "Informational": "info",
+};
+/**
+ * Map ZAP confidence levels to numeric values
+ */
+export const ZAP_CONFIDENCE_MAPPING = {
+    "High": 90,
+    "Medium": 70,
+    "Low": 50,
+    "User Confirmed": 100,
+    "Confirmed": 100,
+};
+/**
+ * Map Nuclei severity to vaspera severity
+ */
+export const NUCLEI_SEVERITY_MAPPING = {
+    "critical": "critical",
+    "high": "high",
+    "medium": "medium",
+    "low": "low",
+    "info": "info",
+    "unknown": "info",
+};
+//# sourceMappingURL=types.js.map

package/dist/scanners/dast/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/scanners/dast/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkHH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAe;IAC7C,WAAW,EAAE,IAAI;IACjB,aAAa,EAAE,QAAQ;IACvB,WAAW,EAAE,GAAG;IAChB,UAAU,EAAE,KAAK;IACjB,QAAQ,EAAE,CAAC;IACX,WAAW,EAAE,EAAE;IACf,YAAY,EAAE,CAAC;IACf,OAAO,EAAE,EAAE;CACZ,CAAC;AAoPF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAA6B;IACxD,MAAM,EAAE,MAAM;IACd,QAAQ,EAAE,QAAQ;IAClB,KAAK,EAAE,KAAK;IACZ,eAAe,EAAE,MAAM;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAA2B;IAC5D,MAAM,EAAE,EAAE;IACV,QAAQ,EAAE,EAAE;IACZ,KAAK,EAAE,EAAE;IACT,gBAAgB,EAAE,GAAG;IACrB,WAAW,EAAE,GAAG;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAA6B;IAC/D,UAAU,EAAE,UAAU;IACtB,MAAM,EAAE,MAAM;IACd,QAAQ,EAAE,QAAQ;IAClB,KAAK,EAAE,KAAK;IACZ,MAAM,EAAE,MAAM;IACd,SAAS,EAAE,MAAM;CAClB,CAAC"}

package/dist/scanners/dast/zap.d.ts

@@ -0,0 +1,26 @@
+/**
+ * OWASP ZAP Scanner Integration
+ *
+ * Integrates with OWASP ZAP (Zed Attack Proxy) for dynamic
+ * application security testing.
+ *
+ * @module scanners/dast/zap
+ */
+import type { DASTTarget, DASTPolicy, DASTScanResult, DASTFinding, DASTAvailability, ZAPAlert } from "./types.js";
+/**
+ * Check if ZAP is available
+ */
+export declare function checkZapAvailable(): Promise<DASTAvailability>;
+/**
+ * Parse ZAP JSON output to DASTFinding
+ */
+export declare function parseZapAlerts(alerts: ZAPAlert[]): DASTFinding[];
+/**
+ * Run ZAP scan
+ */
+export declare function runZap(target: DASTTarget, policy?: DASTPolicy): Promise<DASTScanResult>;
+/**
+ * Get ZAP installation instructions
+ */
+export declare function getZapInstallInstructions(): string;
+//# sourceMappingURL=zap.d.ts.map

package/dist/scanners/dast/zap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zap.d.ts","sourceRoot":"","sources":["../../../src/scanners/dast/zap.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EACV,UAAU,EACV,UAAU,EACV,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,QAAQ,EAET,MAAM,YAAY,CAAC;AAYpB;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CA8InE;AA+LD;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAoBhE;AAED;;GAEG;AACH,wBAAsB,MAAM,CAC1B,MAAM,EAAE,UAAU,EAClB,MAAM,GAAE,UAAe,GACtB,OAAO,CAAC,cAAc,CAAC,CAyGzB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CA6BlD"}