Documentation
¶
Index ¶
- Constants
- func AlgNoneJwtScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func BlankSecretScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func NotVerifiedScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func NullSignatureScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
- func ShouldBeScanned(securitySheme auth.SecurityScheme) bool
- func WeakHMACSecretScanHandler(o *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Constants ¶
// Identifiers and report metadata for the JWT "none" algorithm check
// (see AlgNoneJwtScanHandler).
//
// A JWT whose header declares alg "none" carries no signature. An API that
// accepts such a token is trusting claims that nobody signed, which is why the
// finding is classified as broken authentication.
const (
	// Identity of the scan itself.
	AlgNoneJwtScanID   = "jwt.alg_none"
	AlgNoneJwtScanName = "JWT None Algorithm"

	// Severity and classification of the finding.
	// NOTE(review): the severity scale is not defined on this page; confirm
	// what 9 maps to before using it for triage thresholds.
	AlgNoneVulnerabilitySeverityLevel     = 9
	AlgNoneVulnerabilityOWASP2023Category = report.OWASP2023BrokenAuthCategory

	// Identity of the finding, plus the documentation page describing it.
	AlgNoneVulnerabilityID   = "broken_authentication.jwt_alg_none"
	AlgNoneVulnerabilityName = "JWT None Algorithm"
	AlgNoneVulnerabilityURL  = "https://vulnapi.cerberauth.com/docs/vulnerabilities/broken-authentication/jwt-alg-none/?utm_source=vulnapi"
)
// Identifiers and report metadata for the JWT blank-secret check
// (see BlankSecretScanHandler).
//
// A token signature keyed with an empty secret authenticates nothing, because
// the key is known to everyone. The finding is classified as broken
// authentication.
const (
	// Identity of the scan itself.
	BlankSecretVulnerabilityScanID   = "jwt.blank_secret"
	BlankSecretVulnerabilityScanName = "JWT Blank Secret"

	// Severity and classification of the finding.
	// NOTE(review): the severity scale is not defined on this page; confirm
	// what 9 maps to before using it for triage thresholds.
	BlankSecretVulnerabilitySeverityLevel     = 9
	BlankSecretVulnerabilityOWASP2023Category = report.OWASP2023BrokenAuthCategory

	// Identity of the finding, plus the documentation page describing it.
	BlankSecretVulnerabilityID   = "broken_authentication.jwt_blank_secret"
	BlankSecretVulnerabilityName = "JWT Blank Secret"
	BlankSecretVulnerabilityURL  = "https://vulnapi.cerberauth.com/docs/vulnerabilities/broken-authentication/jwt-blank-secret/?utm_source=vulnapi"
)
// Identifiers and report metadata for the JWT not-verified check
// (see NotVerifiedScanHandler).
//
// Going by its name, the finding covers an API that accepts a token without
// verifying its signature. The handler body is not shown on this page, so
// confirm the exact condition against the implementation.
const (
	// Identity of the scan itself.
	NotVerifiedJwtScanID   = "jwt.not_verified"
	NotVerifiedJwtScanName = "JWT Not Verified"

	// Severity and classification of the finding.
	// NOTE(review): the severity scale is not defined on this page; confirm
	// what 9 maps to before using it for triage thresholds.
	NotVerifiedVulnerabilitySeverityLevel     = 9
	NotVerifiedVulnerabilityOWASP2023Category = report.OWASP2023BrokenAuthCategory

	// Identity of the finding.
	NotVerifiedVulnerabilityID   = "broken_authentication.jwt_not_verified"
	NotVerifiedVulnerabilityName = "JWT Not Verified"
	// NOTE(review): empty, unlike the alg-none and blank-secret checks. A
	// finding presumably carries no documentation link for remediation;
	// confirm, and fill this in once a page exists.
	NotVerifiedVulnerabilityURL = ""
)
// Identifiers and report metadata for the JWT null-signature check
// (see NullSignatureScanHandler).
//
// Going by its name, the finding covers an API that accepts a token whose
// signature part is missing or empty. The handler body is not shown on this
// page, so confirm the exact condition against the implementation.
const (
	// Identity of the scan itself.
	NullSignatureScanID   = "jwt.null_signature"
	NullSignatureScanName = "JWT Null Signature"

	// Severity and classification of the finding.
	// NOTE(review): the severity scale is not defined on this page; confirm
	// what 9 maps to before using it for triage thresholds.
	NullSigVulnerabilitySeverityLevel     = 9
	NullSigVulnerabilityOWASP2023Category = report.OWASP2023BrokenAuthCategory

	// Identity of the finding.
	NullSigVulnerabilityID   = "broken_authentication.jwt_null_signature"
	NullSigVulnerabilityName = "JWT Null Signature"
	// NOTE(review): empty, unlike the alg-none and blank-secret checks. A
	// finding presumably carries no documentation link for remediation;
	// confirm, and fill this in once a page exists.
	NullSigVulnerabilityURL = ""
)
// Identifiers and report metadata for the JWT weak-secret check
// (see WeakHMACSecretScanHandler).
//
// An HMAC-signed token is only as strong as its secret: once the secret is
// guessed, valid signatures can be produced by anyone. A long, randomly
// generated secret (or an asymmetric algorithm) avoids the finding.
const (
	// Identity of the scan itself.
	WeakSecretVulnerabilityScanID   = "jwt.weak_secret"
	WeakSecretVulnerabilityScanName = "JWT Weak Secret"

	// Severity and classification of the finding.
	// NOTE(review): the severity scale is not defined on this page; confirm
	// what 9 maps to before using it for triage thresholds.
	WeakSecretVulnerabilitySeverityLevel     = 9
	WeakSecretVulnerabilityOWASP2023Category = report.OWASP2023BrokenAuthCategory

	// Identity of the finding.
	WeakSecretVulnerabilityID   = "broken_authentication.jwt_weak_secret"
	WeakSecretVulnerabilityName = "JWT Weak Secret"
	// NOTE(review): empty, unlike the alg-none and blank-secret checks. A
	// finding presumably carries no documentation link for remediation;
	// confirm, and fill this in once a page exists.
	WeakSecretVulnerabilityURL = ""
)
Variables ¶
This section is empty.
Functions ¶
func AlgNoneJwtScanHandler ¶
func AlgNoneJwtScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func BlankSecretScanHandler ¶
func BlankSecretScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func NotVerifiedScanHandler ¶
func NotVerifiedScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func NullSignatureScanHandler ¶
func NullSignatureScanHandler(operation *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
func ShouldBeScanned ¶ added in v0.4.2
func ShouldBeScanned(securitySheme auth.SecurityScheme) bool
func WeakHMACSecretScanHandler ¶ added in v0.4.3
func WeakHMACSecretScanHandler(o *request.Operation, ss auth.SecurityScheme) (*report.ScanReport, error)
Types ¶
This section is empty.