package spec

v1.0.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CategoryInfo

func CategoryInfo(cat OWASPCategory) (name, severity, description string)

CategoryInfo returns human-readable name, default severity, and description for an OWASP category.

Types

type ClassifiedEndpoint

type ClassifiedEndpoint struct {
	Endpoint
	Categories []OWASPCategory
}

ClassifiedEndpoint is an endpoint together with the OWASP risk categories assigned to it.

func Classify

func Classify(endpoints []Endpoint, cfg *config.Config) []ClassifiedEndpoint

Classify assigns OWASP API Top 10 categories to every endpoint.

type Endpoint

type Endpoint struct {
	Path           string
	Method         string
	OperationID    string
	Summary        string
	RequiresAuth   bool
	PathParams     []Param
	QueryParams    []Param
	BodyParams     []Param
	ResponseFields []string
	Tags           []string
}

Endpoint represents a single API endpoint parsed from an OpenAPI spec.

func (*Endpoint) AllParams

func (self *Endpoint) AllParams() []Param

AllParams returns all injectable parameters across all locations (path, query, and body).

func (*Endpoint) HasPathID

func (self *Endpoint) HasPathID() bool

HasPathID returns true if the endpoint has at least one path parameter.

func (*Endpoint) IsAdminPath

func (self *Endpoint) IsAdminPath(patterns []string) bool

IsAdminPath checks whether the endpoint path matches any of the given admin glob patterns.

func (*Endpoint) IsWriteOperation

func (self *Endpoint) IsWriteOperation() bool

IsWriteOperation returns true for state-changing methods (POST, PUT, PATCH, DELETE).

type LoadedSpec

type LoadedSpec struct {
	Doc       *openapi3.T
	Endpoints []Endpoint
	BaseURL   string
}

LoadedSpec holds the parsed OpenAPI document and extracted endpoints.

func Load

func Load(pathOrURL string) (*LoadedSpec, error)

Load parses an OpenAPI spec from a file path or URL.

type OWASPCategory

type OWASPCategory string

OWASPCategory represents an OWASP API Security Top 10 category.

const (
	API1_BOLA        OWASPCategory = "api1-bola"
	API2_BROKEN_AUTH OWASPCategory = "api2-broken-auth"
	API3_BROKEN_OPL  OWASPCategory = "api3-broken-object-property"
	API4_RATE_LIMIT  OWASPCategory = "api4-rate-limit"
	API5_BFLA        OWASPCategory = "api5-bfla"
	API6_MASS_ASSIGN OWASPCategory = "api6-mass-assignment"
	API7_MISCONFIG   OWASPCategory = "api7-misconfig"
	API8_INJECTION   OWASPCategory = "api8-injection"
	API9_SSRF        OWASPCategory = "api9-ssrf"
)

type Param

type Param struct {
	Name     string
	Type     string // string|integer|number|boolean|object|array
	Required bool
	In       string // path|query|header|cookie|body
	Example  string
}

Param represents a single parameter (path, query, or body field).
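As an added example (not the spec package's own code), the stand-alone Go program below re-implements the documented Endpoint helpers and a heuristic Classify over a constructed set of endpoints, so the reader can see how the pieces documented above fit together. The type, method and constant names mirror the documentation; the glob semantics (a trailing "/**" treated as a prefix match, everything else via path.Match), the category rules inside Classify, and the adminPatterns argument that stands in for *config.Config are all assumptions made for illustration, not the package's actual behaviour.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Param and Endpoint mirror the documented types with only the fields the
// heuristics below need (assumption: same field names as the spec package).
type Param struct {
	Name     string
	Type     string // string|integer|number|boolean|object|array
	Required bool
	In       string // path|query|header|cookie|body
	Example  string
}

type Endpoint struct {
	Path         string
	Method       string
	RequiresAuth bool
	PathParams   []Param
	QueryParams  []Param
	BodyParams   []Param
}

type OWASPCategory string

const (
	API1_BOLA        OWASPCategory = "api1-bola"
	API2_BROKEN_AUTH OWASPCategory = "api2-broken-auth"
	API5_BFLA        OWASPCategory = "api5-bfla"
	API6_MASS_ASSIGN OWASPCategory = "api6-mass-assignment"
	API8_INJECTION   OWASPCategory = "api8-injection"
)

type ClassifiedEndpoint struct {
	Endpoint
	Categories []OWASPCategory
}

// AllParams flattens path, query and body parameters into one slice.
func (e *Endpoint) AllParams() []Param {
	all := make([]Param, 0, len(e.PathParams)+len(e.QueryParams)+len(e.BodyParams))
	all = append(all, e.PathParams...)
	all = append(all, e.QueryParams...)
	return append(all, e.BodyParams...)
}

// HasPathID reports whether the route carries at least one path parameter.
func (e *Endpoint) HasPathID() bool { return len(e.PathParams) > 0 }

// IsWriteOperation is true for the state-changing HTTP methods.
func (e *Endpoint) IsWriteOperation() bool {
	switch strings.ToUpper(e.Method) {
	case "POST", "PUT", "PATCH", "DELETE":
		return true
	}
	return false
}

// IsAdminPath matches the route against glob patterns. Assumed semantics: a
// pattern ending in "/**" is a prefix match (path.Match's "*" never crosses
// a "/" separator); every other pattern goes through path.Match unchanged.
func (e *Endpoint) IsAdminPath(patterns []string) bool {
	for _, pat := range patterns {
		if strings.HasSuffix(pat, "/**") {
			if strings.HasPrefix(e.Path, strings.TrimSuffix(pat, "**")) {
				return true
			}
			continue
		}
		if ok, err := path.Match(pat, e.Path); err == nil && ok {
			return true
		}
	}
	return false
}

// Classify applies illustrative rules (assumed, not the package's own) that
// map endpoint shape to OWASP API Top 10 categories; adminPatterns stands in
// for the admin globs the real Classify would read from *config.Config.
func Classify(endpoints []Endpoint, adminPatterns []string) []ClassifiedEndpoint {
	out := make([]ClassifiedEndpoint, 0, len(endpoints))
	for _, ep := range endpoints {
		var cats []OWASPCategory
		if ep.HasPathID() { // object selected by a caller-supplied identifier
			cats = append(cats, API1_BOLA)
		}
		if !ep.RequiresAuth && ep.IsWriteOperation() { // mutation with no auth scheme
			cats = append(cats, API2_BROKEN_AUTH)
		}
		if ep.IsAdminPath(adminPatterns) { // privileged function, needs role checks
			cats = append(cats, API5_BFLA)
		}
		for _, p := range ep.BodyParams { // nested objects bound straight to models
			if ep.IsWriteOperation() && (p.Type == "object" || p.Type == "array") {
				cats = append(cats, API6_MASS_ASSIGN)
				break
			}
		}
		for _, p := range ep.AllParams() { // free-form strings may reach interpreters
			if p.Type == "string" {
				cats = append(cats, API8_INJECTION)
				break
			}
		}
		out = append(out, ClassifiedEndpoint{Endpoint: ep, Categories: cats})
	}
	return out
}

// SampleEndpoints is a constructed stand-in for endpoints extracted from a spec.
func SampleEndpoints() []Endpoint {
	return []Endpoint{
		{Path: "/users/{id}", Method: "GET", RequiresAuth: true,
			PathParams: []Param{{Name: "id", Type: "string", Required: true, In: "path"}}},
		{Path: "/admin/users", Method: "POST", RequiresAuth: true,
			BodyParams: []Param{{Name: "name", Type: "string", In: "body"},
				{Name: "profile", Type: "object", In: "body"}}},
		{Path: "/sessions/{token}", Method: "DELETE", RequiresAuth: false,
			PathParams: []Param{{Name: "token", Type: "string", Required: true, In: "path"}}},
	}
}

func main() {
	for _, c := range Classify(SampleEndpoints(), []string{"/admin/**"}) {
		fmt.Printf("%-6s %-20s %v\n", c.Method, c.Path, c.Categories)
	}
}
```

Running it prints one line per sample endpoint: the GET-by-id route is flagged for BOLA and injection, the admin POST for BFLA, mass assignment and injection, and the unauthenticated DELETE for BOLA, broken authentication and injection. Because the output is only a triage hint, a practitioner would follow up each category with a targeted review of that endpoint's authorization and input handling rather than treating the label as a finding.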
