core

package
v0.0.0-...-d1533f9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2025 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var BusinessLogicPatterns = []Pattern{
	{
		Name:        "Time-of-check Time-of-use (TOCTOU)",
		Description: "Race condition between validation and use",
		Category:    "Race Condition",
		Severity:    "HIGH",
		Test:        testTOCTOU,
	},
	{
		Name:        "Integer Overflow in Calculations",
		Description: "Integer overflow leading to unexpected behavior",
		Category:    "Value Manipulation",
		Severity:    "MEDIUM",
		Test:        testIntegerOverflow,
	},
	{
		Name:        "Race Condition in Resource Allocation",
		Description: "Concurrent access to limited resources",
		Category:    "Race Condition",
		Severity:    "HIGH",
		Test:        testResourceRace,
	},
	{
		Name:        "State Machine Manipulation",
		Description: "Unauthorized state transitions",
		Category:    "State Management",
		Severity:    "HIGH",
		Test:        testStateMachine,
	},
	{
		Name:        "Inconsistent State Validation",
		Description: "Different validation rules across states",
		Category:    "Validation",
		Severity:    "MEDIUM",
		Test:        testInconsistentValidation,
	},
	{
		Name:        "Privilege Escalation Through Workflow",
		Description: "Gaining higher privileges through workflow manipulation",
		Category:    "Authorization",
		Severity:    "CRITICAL",
		Test:        testWorkflowPrivilegeEscalation,
	},
	{
		Name:        "Business Logic Bypass",
		Description: "Bypassing business rules and constraints",
		Category:    "Business Logic",
		Severity:    "HIGH",
		Test:        testBusinessLogicBypass,
	},
}

Common business logic vulnerability patterns

View Source 
var HighValueLogicTests = []logic.TestCase{
	{
		Name:        "Password Reset Token Hijack",
		Description: "Account takeover via host header injection in password reset",
		Category:    logic.CategoryAuthentication,
		Severity:    logic.SeverityCritical,
		Impact:      "Complete account takeover",
		Method:      "POST",
		Expected:    "Host header injection leads to token hijack",
		Remediation: "Validate Host header and use absolute URLs",
	},
	{
		Name:        "Race Condition in Payment Processing",
		Description: "Purchase items for free or reduced price via race condition",
		Category:    logic.CategoryPayment,
		Severity:    logic.SeverityCritical,
		Impact:      "Financial loss due to free purchases",
		Method:      "POST",
		Expected:    "Concurrent requests bypass payment validation",
		Remediation: "Implement proper synchronization for payment processing",
	},
	{
		Name:        "MFA Bypass via Recovery Flow",
		Description: "Complete MFA bypass leading to account takeover",
		Category:    logic.CategoryAuthentication,
		Severity:    logic.SeverityCritical,
		Impact:      "Account takeover bypassing MFA protection",
		Method:      "POST",
		Expected:    "Recovery flow bypasses MFA requirement",
		Remediation: "Ensure MFA is required for all sensitive operations",
	},
	{
		Name:        "IDOR in Password Reset",
		Description: "Reset any user's password via insecure direct object reference",
		Category:    logic.CategoryAuthorization,
		Severity:    logic.SeverityCritical,
		Impact:      "Mass account takeover",
		Method:      "POST",
		Expected:    "Password reset tokens not bound to specific users",
		Remediation: "Bind reset tokens to specific user accounts",
	},
	{
		Name:        "Shopping Cart Price Manipulation",
		Description: "Purchase items at arbitrary prices via parameter manipulation",
		Category:    logic.CategoryPayment,
		Severity:    logic.SeverityHigh,
		Impact:      "Financial loss due to price manipulation",
		Method:      "POST",
		Expected:    "Price parameters can be manipulated client-side",
		Remediation: "Validate all pricing server-side",
	},
	{
		Name:        "Workflow State Bypass",
		Description: "Skip payment or verification steps in multi-step processes",
		Category:    logic.CategoryWorkflow,
		Severity:    logic.SeverityHigh,
		Impact:      "Bypass of critical business logic controls",
		Method:      "GET/POST",
		Expected:    "Direct access to final states without completing prerequisites",
		Remediation: "Implement proper state validation and flow control",
	},
	{
		Name:        "Negative Quantity Logic Flaw",
		Description: "Add negative quantities to cart for credit/refund",
		Category:    logic.CategoryBusinessLogic,
		Severity:    logic.SeverityHigh,
		Impact:      "Financial loss due to negative pricing",
		Method:      "POST",
		Expected:    "Negative quantities result in negative total prices",
		Remediation: "Validate quantity inputs to ensure positive values",
	},
	{
		Name:        "Coupon Stacking Vulnerability",
		Description: "Apply multiple coupons or discounts beyond intended limits",
		Category:    logic.CategoryPayment,
		Severity:    logic.SeverityMedium,
		Impact:      "Financial loss due to excessive discounts",
		Method:      "POST",
		Expected:    "Multiple discount codes can be applied simultaneously",
		Remediation: "Implement proper coupon validation and limits",
	},
	{
		Name:        "Time-based Logic Manipulation",
		Description: "Manipulate timestamps to bypass time-based restrictions",
		Category:    logic.CategoryTemporal,
		Severity:    logic.SeverityMedium,
		Impact:      "Bypass of time-based business rules",
		Method:      "POST",
		Expected:    "Client-provided timestamps are trusted without validation",
		Remediation: "Use server-side timestamps for all time-based logic",
	},
	{
		Name:        "Session Fixation in Workflow",
		Description: "Fix user session during privilege escalation workflows",
		Category:    logic.CategoryAuthentication,
		Severity:    logic.SeverityHigh,
		Impact:      "Account takeover via session fixation",
		Method:      "GET/POST",
		Expected:    "Session ID remains same across privilege changes",
		Remediation: "Regenerate session IDs during privilege escalation",
	},
}

Common high-value logic tests for bug bounties

Functions

This section is empty.

Types

type AllocationResult 

type AllocationResult struct {
	Success      bool   `json:"success"`
	AllocationID string `json:"allocation_id,omitempty"`
	ResourceID   string `json:"resource_id"`
	WorkerID     int    `json:"worker_id"`
}

type BusinessLogicTests 

type BusinessLogicTests struct {
	// State manipulation
	SkipSteps     bool `json:"skip_steps"`
	ReorderSteps  bool `json:"reorder_steps"`
	RepeatSteps   bool `json:"repeat_steps"`
	ParallelSteps bool `json:"parallel_steps"`

	// Value manipulation
	NegativeValues  bool `json:"negative_values"`
	ExtremeValues   bool `json:"extreme_values"`
	TypeConfusion   bool `json:"type_confusion"`
	IntegerOverflow bool `json:"integer_overflow"`

	// Time manipulation
	ExpiredActions    bool `json:"expired_actions"`
	FutureActions     bool `json:"future_actions"`
	TimezoneConfusion bool `json:"timezone_confusion"`

	// Authorization
	CrossUserActions      bool `json:"cross_user_actions"`
	PrivilegeEscalation   bool `json:"privilege_escalation"`
	DirectObjectReference bool `json:"direct_object_reference"`

	// Flow manipulation
	StateRevert         bool `json:"state_revert"`
	ConditionBypass     bool `json:"condition_bypass"`
	ValidationBypass    bool `json:"validation_bypass"`
	WorkflowTermination bool `json:"workflow_termination"`
}

BusinessLogicTests represents all possible business logic vulnerabilities

type CartContents 

type CartContents struct {
	ProductID string  `json:"product_id"`
	Quantity  int     `json:"quantity"`
	Price     float64 `json:"price"`
}

type CartResult 

type CartResult struct {
	Success   bool   `json:"success"`
	Operation string `json:"operation"`
	Quantity  int    `json:"quantity"`
	WorkerID  int    `json:"worker_id"`
}

type FormInfo 

type FormInfo struct {
	Action string            `json:"action"`
	Method string            `json:"method"`
	Fields map[string]string `json:"fields"`
}

type LimitTestResult 

type LimitTestResult struct {
	Success    bool          `json:"success"`
	StatusCode int           `json:"status_code"`
	Response   string        `json:"response"`
	Duration   time.Duration `json:"duration"`
	WorkerID   int           `json:"worker_id"`
}

type LogicTest 

type LogicTest struct {
	Name string
	Test func(target string) *logic.Vulnerability
}

LogicTest represents a business logic test

type LoginResult 

type LoginResult struct {
	Success      bool          `json:"success"`
	StatusCode   int           `json:"status_code"`
	ResponseTime time.Duration `json:"response_time"`
	SessionToken string        `json:"session_token,omitempty"`
	WorkerID     int           `json:"worker_id"`
}

type Pattern 

type Pattern struct {
	Name        string                                              `json:"name"`
	Description string                                              `json:"description"`
	Category    string                                              `json:"category"`
	Severity    string                                              `json:"severity"`
	Test        func(workflow *logic.Workflow) *logic.Vulnerability `json:"-"`
}

Pattern represents a business logic vulnerability pattern

type PaymentResult 

type PaymentResult struct {
	Success       bool    `json:"success"`
	Amount        float64 `json:"amount"`
	TransactionID string  `json:"transaction_id,omitempty"`
	StatusCode    int     `json:"status_code"`
	WorkerID      int     `json:"worker_id"`
}

type RaceConditionTester 

type RaceConditionTester struct {
	// contains filtered or unexported fields
}

RaceConditionTester provides comprehensive race condition testing

func NewRaceConditionTester 

func NewRaceConditionTester(config *logic.TestConfig) *RaceConditionTester

NewRaceConditionTester creates a new race condition tester

func (*RaceConditionTester) TestAllEndpoints 

func (r *RaceConditionTester) TestAllEndpoints(target string) []logic.RaceConditionTest

TestAllEndpoints tests all discovered endpoints for race conditions

type RaceTestFunc 

type RaceTestFunc func(endpoint string, tester *RaceConditionTester) *logic.Vulnerability

RaceTestFunc represents a race condition test function

type SequenceAnalyzer 

type SequenceAnalyzer struct {
	// contains filtered or unexported fields
}

SequenceAnalyzer analyzes workflow sequences for patterns

func NewSequenceAnalyzer 

func NewSequenceAnalyzer() *SequenceAnalyzer

NewSequenceAnalyzer creates a new sequence analyzer

func (*SequenceAnalyzer) AnalyzeSequence 

func (s *SequenceAnalyzer) AnalyzeSequence(states []string) *SequencePattern

AnalyzeSequence analyzes a sequence of states

type SequencePattern 

type SequencePattern struct {
	ID           string    `json:"id"`
	States       []string  `json:"states"`
	Frequency    int       `json:"frequency"`
	LastSeen     time.Time `json:"last_seen"`
	IsValid      bool      `json:"is_valid"`
	IsSuspicious bool      `json:"is_suspicious"`
}

SequencePattern represents a workflow sequence pattern

type StateTracker 

type StateTracker struct {
	// contains filtered or unexported fields
}

StateTracker tracks workflow state transitions

func NewStateTracker 

func NewStateTracker() *StateTracker

NewStateTracker creates a new state tracker

func (*StateTracker) GetAllTransitions 

func (s *StateTracker) GetAllTransitions() []*StateTransition

GetAllTransitions returns all recorded transitions

func (*StateTracker) GetTransition 

func (s *StateTracker) GetTransition(fromState, toState string) *StateTransition

GetTransition gets a recorded transition

func (*StateTracker) RecordTransition 

func (s *StateTracker) RecordTransition(transition *StateTransition)

RecordTransition records a state transition

type StateTransition 

type StateTransition struct {
	FromState   string                 `json:"from_state"`
	ToState     string                 `json:"to_state"`
	Timestamp   time.Time              `json:"timestamp"`
	Parameters  map[string]interface{} `json:"parameters"`
	UserID      string                 `json:"user_id,omitempty"`
	SessionID   string                 `json:"session_id,omitempty"`
	Success     bool                   `json:"success"`
	ErrorReason string                 `json:"error_reason,omitempty"`
}

StateTransition represents a state transition

type WorkflowAnalysis 

type WorkflowAnalysis struct {
	Workflow        *logic.Workflow        `json:"workflow"`
	States          []logic.WorkflowState  `json:"states"`
	Vulnerabilities []logic.Vulnerability  `json:"vulnerabilities"`
	BusinessLogic   BusinessLogicTests     `json:"business_logic"`
	Diagram         string                 `json:"diagram"`
	Summary         string                 `json:"summary"`
	SecurityScore   int                    `json:"security_score"`
	TestDuration    time.Duration          `json:"test_duration"`
	Recommendations []logic.Recommendation `json:"recommendations"`
}

WorkflowAnalysis represents the complete workflow analysis

type WorkflowAnalyzer 

type WorkflowAnalyzer struct {
	// contains filtered or unexported fields
}

WorkflowAnalyzer analyzes multi-step business workflows for vulnerabilities

func NewWorkflowAnalyzer 

func NewWorkflowAnalyzer(config *logic.TestConfig) *WorkflowAnalyzer

NewWorkflowAnalyzer creates a new workflow analyzer

func (*WorkflowAnalyzer) AnalyzeWorkflow 

func (w *WorkflowAnalyzer) AnalyzeWorkflow(startURL string) *WorkflowAnalysis

AnalyzeWorkflow performs comprehensive workflow analysis

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.