report

package
v0.8.1 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 6, 2024 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

Functions

This section is empty.

Types

type CAPEC added in v0.6.1

// CAPEC is the string label of a CAPEC attack-pattern entry. It is carried in
// Classifications.CAPEC and serialized as a plain string.
type CAPEC string
const (
	// CAPEC_31_Manipulating_HTTP_Cookies labels findings classified under
	// CAPEC-31 (accessing, intercepting or modifying HTTP cookies). It is the
	// only CAPEC value declared in this listing.
	CAPEC_31_Manipulating_HTTP_Cookies CAPEC = "CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies"
)

type CVSS added in v0.6.1

// CVSS carries the CVSS rating attached to an Issue: specification version,
// vector string and numeric score.
type CVSS struct {
	// Version is the CVSS specification version stored as a number
	// (presumably values such as 3.1 or 4.0; confirm against the callers).
	Version float64 `json:"version" yaml:"version"`
	// Vector is the CVSS vector string.
	// NOTE(review): no validation is visible in this declaration, so nothing
	// here guarantees that Vector and Score agree; a consumer that gates on
	// Score may want to recompute it from Vector.
	Vector  string  `json:"vector" yaml:"vector"`
	// Score is the numeric CVSS score (presumably in the 0.0-10.0 range the
	// CVSS specification defines; the type does not enforce it).
	Score   float64 `json:"score" yaml:"score"`
}

type CWE added in v0.6.1

// CWE is the string label of a CWE weakness entry. It is carried in
// Classifications.CWE and serialized as a plain string.
type CWE string
const (
	// CWE_16_Configuration is the generic configuration-weakness label.
	CWE_16_Configuration CWE = "CWE-16: Configuration"

	// The remaining labels cover data authenticity, active debug code, session
	// expiration, cookie attributes (Secure, HttpOnly, SameSite), cross-domain
	// policy and UI framing. Each value is the CWE identifier followed by its
	// title, so consumers that need only the identifier must split on ": ".
	CWE_345_Insufficient_Verification_Authenticity   CWE = "CWE-345: Insufficient Verification of Data Authenticity"
	CWE_489_Active_Debug_Code                        CWE = "CWE-489: Active Debug Code"
	CWE_613_Insufficient_Session_Expiration          CWE = "CWE-613: Insufficient Session Expiration"
	CWE_614_Sensitive_Cookie_Without_Secure_Flag     CWE = "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
	CWE_942_Overly_Permissive_CORS_Policy            CWE = "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"
	CWE_1004_Sensitive_Cookie_Without_Http_Only      CWE = "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag"
	CWE_1021_Improper_Restriction_Rendered_UI        CWE = "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
	CWE_1275_Sensitive_Cookie_With_Improper_SameSite CWE = "CWE-1275: Sensitive Cookie with Improper SameSite Attribute"
)

type Classifications added in v0.6.1

// Classifications groups the taxonomy labels that can be attached to an Issue.
// Every field is tagged omitempty, so an empty label is left out of the
// serialized output rather than written as an empty string.
type Classifications struct {
	// OWASP is the OWASP category label.
	OWASP OWASP `json:"owasp,omitempty" yaml:"owasp,omitempty"`
	// CWE is the CWE weakness label.
	CWE   CWE   `json:"cwe,omitempty" yaml:"cwe,omitempty"`
	// CAPEC is the CAPEC attack-pattern label.
	CAPEC CAPEC `json:"capec,omitempty" yaml:"capec,omitempty"`
}

type Issue added in v0.6.1

// Issue describes one kind of finding: an identifier, a display name, a
// reference URL, a CVSS rating and optional taxonomy classifications.
type Issue struct {
	// ID identifies the issue (format not visible here).
	ID   string `json:"id" yaml:"id"`
	// Name is the human-readable issue name.
	Name string `json:"name" yaml:"name"`
	// URL is a link associated with the issue (presumably its documentation
	// page; confirm against the callers).
	URL  string `json:"url" yaml:"url"`
	// CVSS is always serialized, even when left at its zero value.
	CVSS CVSS   `json:"cvss" yaml:"cvss"`

	// Classifications is optional; a nil pointer is omitted from the output.
	Classifications *Classifications `json:"classifications,omitempty" yaml:"classifications,omitempty"`
}

type OWASP added in v0.6.1

// OWASP is the string label of an OWASP category. It is carried in
// Classifications.OWASP and serialized as a plain string.
type OWASP string
const (
	// The ten values below are the API1:2023 through API10:2023 categories,
	// i.e. the 2023 edition of the OWASP API Security Top 10. Each value is the
	// category identifier followed by its title.
	OWASP_2023_BOLA                            OWASP = "API1:2023 Broken Object Level Authorization"
	OWASP_2023_BrokenAuthentication            OWASP = "API2:2023 Broken Authentication"
	OWASP_2023_BOPL                            OWASP = "API3:2023 Broken Object Property Level Authorization"
	OWASP_2023_UnrestrictedResourceConsumption OWASP = "API4:2023 Unrestricted Resource Consumption"
	OWASP_2023_BFLA                            OWASP = "API5:2023 Broken Function Level Authorization"
	OWASP_2023_UnrestrictedAccessBusiness      OWASP = "API6:2023 Unrestricted Access to Sensitive Business Flows"
	OWASP_2023_SSRF                            OWASP = "API7:2023 Server Side Request Forgery"
	OWASP_2023_SecurityMisconfiguration        OWASP = "API8:2023 Security Misconfiguration"
	OWASP_2023_ImproperInventory               OWASP = "API9:2023 Improper Inventory Management"
	OWASP_2023_UnsafeConsumption               OWASP = "API10:2023 Unsafe Consumption of APIs"
)

type Report added in v0.8.0

// Report is the record of one scan: its identity and timing, the operation it
// targeted, optional extra data, the scan attempts made and the resulting
// vulnerability reports.
//
// NOTE(review): Operation and Scans serialize cookies, headers and bodies. No
// redaction is visible in these declarations, so a serialized Report should be
// treated as potentially containing credentials unless they are stripped
// elsewhere; confirm before publishing reports as CI artifacts.
type Report struct {
	// ID identifies the report.
	ID        string    `json:"id" yaml:"id"`
	// Name is the human-readable report name.
	Name      string    `json:"name" yaml:"name"`
	// StartTime is when the scan began (presumably set by Start; its body is
	// not shown).
	StartTime time.Time `json:"startTime" yaml:"startTime"`
	// EndTime is when the scan ended. encoding/json's omitempty does not omit
	// struct values, so a zero EndTime is still written to JSON; whether YAML
	// output omits it depends on the encoder in use.
	EndTime   time.Time `json:"endTime,omitempty" yaml:"endTime,omitempty"`

	// Operation describes the scanned operation and is always serialized.
	Operation ReportOperation `json:"operation" yaml:"operation"`

	// Data is an arbitrary payload; it is omitted from the output when nil.
	Data  interface{}            `json:"data,omitempty" yaml:"data,omitempty"`
	// Scans holds one entry per scan attempt, with its request, response and
	// error.
	Scans []ReportScan           `json:"scans" yaml:"scans"`
	// Vulns holds the vulnerability reports; note the serialized key is
	// "vulnerabilities", not "vulns".
	Vulns []*VulnerabilityReport `json:"vulnerabilities" yaml:"vulnerabilities"`
}

func NewScanReport

func NewScanReport(id string, name string, operation *request.Operation) *Report

func (*Report) AddScanAttempt added in v0.8.0

func (r *Report) AddScanAttempt(a *scan.VulnerabilityScanAttempt) *Report

func (*Report) AddVulnerabilityReport added in v0.8.0

func (r *Report) AddVulnerabilityReport(vr *VulnerabilityReport) *Report

func (*Report) End added in v0.8.0

func (r *Report) End() *Report

func (*Report) GetData added in v0.8.0

func (r *Report) GetData() interface{}

func (*Report) GetErrors added in v0.8.0

func (r *Report) GetErrors() []error

func (*Report) GetFailedVulnerabilityReports added in v0.8.0

func (r *Report) GetFailedVulnerabilityReports() []*VulnerabilityReport

func (*Report) GetScanAttempts added in v0.8.0

func (r *Report) GetScanAttempts() []ReportScan

func (*Report) GetVulnerabilityReports added in v0.8.0

func (r *Report) GetVulnerabilityReports() []*VulnerabilityReport

func (*Report) HasData added in v0.8.0

func (r *Report) HasData() bool

func (*Report) HasFailedVulnerabilityReport added in v0.8.0

func (r *Report) HasFailedVulnerabilityReport() bool

func (*Report) Start added in v0.8.0

func (r *Report) Start() *Report

func (*Report) WithData added in v0.8.0

func (r *Report) WithData(data interface{}) *Report

type ReportOperation added in v0.8.0

// ReportOperation is the serializable description of a scanned operation: its
// identifier and tags, the HTTP method and URL, the cookies and headers it
// carried, and the security schemes attached to it.
type ReportOperation struct {
	// ID identifies the operation (presumably the API operation ID; confirm).
	ID   string   `json:"id" yaml:"id"`
	// Tags lists the tags attached to the operation.
	Tags []string `json:"tags" yaml:"tags"`

	// Method is the HTTP method.
	Method  string         `json:"method" yaml:"method"`
	// URL is the target URL. Query-string parameters, if any, are part of it.
	URL     string         `json:"url" yaml:"url"`
	// Cookies and Header are written to the report under "cookies" and
	// "headers" when non-empty.
	// NOTE(review): these tags serialize the values as-is. If the operation
	// carried a session cookie or an Authorization header, it ends up in the
	// report unless it is redacted elsewhere (not visible here).
	Cookies []*http.Cookie `json:"cookies,omitempty" yaml:"cookies,omitempty"`
	Header  http.Header    `json:"headers,omitempty" yaml:"headers,omitempty"`

	// SecuritySchemes describes the security schemes attached to the operation.
	SecuritySchemes []ReportOperationSecurityScheme `json:"securitySchemes" yaml:"securitySchemes"`
}

type ReportOperationSecurityScheme added in v0.8.0

// ReportOperationSecurityScheme is the serializable description of one
// security scheme attached to an operation. Only descriptive fields are
// declared here; the struct has no field for a token or secret value.
type ReportOperationSecurityScheme struct {
	// Type is the scheme type as defined by the auth package.
	Type   auth.Type       `json:"type" yaml:"type"`
	// Scheme is the scheme name as defined by the auth package.
	Scheme auth.SchemeName `json:"scheme" yaml:"scheme"`
	// In is optional and omitted when nil (presumably where the credential is
	// sent, e.g. header, query or cookie; confirm against the auth package).
	In     *auth.SchemeIn  `json:"in,omitempty" yaml:"in,omitempty"`
	// Name is the scheme's name.
	Name   string          `json:"name" yaml:"name"`
}

type ReportRequest added in v0.8.0

// ReportRequest is the serializable copy of an HTTP request sent during a scan
// attempt.
//
// NOTE(review): Body, Cookies and Header are serialized as-is by these tags.
// Credentials sent with the request appear in the report unless redacted
// elsewhere (not visible here).
type ReportRequest struct {
	// Method is the HTTP method.
	Method  string         `json:"method" yaml:"method"`
	// URL is the request URL.
	URL     string         `json:"url" yaml:"url"`
	// Body is optional; a nil pointer is omitted from the output.
	Body    *string        `json:"body,omitempty" yaml:"body,omitempty"`
	// Cookies is omitted from the output when empty.
	Cookies []*http.Cookie `json:"cookies,omitempty" yaml:"cookies,omitempty"`
	// Header is written under the key "headers" and omitted when empty.
	Header  http.Header    `json:"headers,omitempty" yaml:"headers,omitempty"`
}

type ReportResponse added in v0.8.0

// ReportResponse is the serializable copy of an HTTP response received during
// a scan attempt.
//
// NOTE(review): Body, Cookies (e.g. Set-Cookie session values) and Header are
// serialized as-is by these tags. Response data from the scanned API is stored
// in the report unless trimmed or redacted elsewhere (not visible here).
type ReportResponse struct {
	// StatusCode is the HTTP status code.
	StatusCode int            `json:"statusCode" yaml:"statusCode"`
	// Body is the response body; unlike ReportRequest.Body it is a plain string
	// and is always emitted, even when empty.
	Body       string         `json:"body" yaml:"body"`
	// Cookies is omitted from the output when empty.
	Cookies    []*http.Cookie `json:"cookies,omitempty" yaml:"cookies,omitempty"`
	// Header is written under the key "headers" and omitted when empty.
	Header     http.Header    `json:"headers,omitempty" yaml:"headers,omitempty"`
}

type ReportScan added in v0.8.0

// ReportScan records one scan attempt: the request sent, the response received
// and any error.
type ReportScan struct {
	// Request is omitted from the output when nil.
	Request  *ReportRequest  `json:"request,omitempty" yaml:"request,omitempty"`
	// Response is omitted from the output when nil.
	Response *ReportResponse `json:"response,omitempty" yaml:"response,omitempty"`
	// Err is the error of the attempt; a nil value is omitted.
	// NOTE(review): encoding/json marshals an error interface value through its
	// concrete type, so common error types with no exported fields and no
	// marshaler come out as {} rather than their message. Verify the report
	// output if the message is needed for triage.
	Err      error           `json:"error,omitempty" yaml:"error,omitempty"`
}

type Reporter

// Reporter collects the reports produced by a run.
type Reporter struct {
	// Reports is serialized under "reports". Unlike the other types in this
	// package, the field carries a json tag only and no yaml tag, so the YAML
	// key falls back to the encoder's default naming.
	Reports []*Report `json:"reports"`
}

func NewReporter

func NewReporter() *Reporter

func (*Reporter) AddReport

func (rr *Reporter) AddReport(r *Report)

func (*Reporter) GetErrors added in v0.6.1

func (rr *Reporter) GetErrors() []error

func (*Reporter) GetFailedVulnerabilityReports added in v0.6.1

func (rr *Reporter) GetFailedVulnerabilityReports() []*VulnerabilityReport

func (*Reporter) GetReportByID added in v0.6.1

func (rr *Reporter) GetReportByID(id string) *Report

func (*Reporter) GetReports

func (rr *Reporter) GetReports() []*Report

func (*Reporter) GetReportsByVulnerabilityStatus added in v0.8.1

func (rr *Reporter) GetReportsByVulnerabilityStatus(status VulnerabilityReportStatus) []*Report

func (*Reporter) GetVulnerabilityReports

func (rr *Reporter) GetVulnerabilityReports() []*VulnerabilityReport

func (*Reporter) HasHighRiskOrHigherSeverityVulnerability added in v0.6.1

func (rr *Reporter) HasHighRiskOrHigherSeverityVulnerability() bool

func (*Reporter) HasHigherThanSeverityThresholdVulnerability added in v0.8.0

func (rr *Reporter) HasHigherThanSeverityThresholdVulnerability(threshold float64) bool

func (*Reporter) HasVulnerability

func (rr *Reporter) HasVulnerability() bool

type VulnerabilityReport

// VulnerabilityReport is the outcome of one vulnerability check: the Issue that
// was checked, the resulting status, and the in-memory operation and security
// scheme the check ran against.
type VulnerabilityReport struct {
	// Issue is embedded, so its fields (id, name, url, cvss, classifications)
	// appear at the top level of the serialized report. encoding/json flattens
	// embedded structs on its own and defines no "inline" option; the flag
	// matters for YAML encoders that support it.
	Issue  `json:",inline" yaml:",inline"`
	// Status is the outcome of the check.
	Status VulnerabilityReportStatus `json:"status" yaml:"status"`

	// Operation and SecurityScheme are tagged "-" and therefore excluded from
	// both JSON and YAML output. This keeps the live security scheme (which
	// presumably holds credential material; its definition is not visible here)
	// out of serialized vulnerability reports.
	Operation      *request.Operation  `json:"-" yaml:"-"`
	SecurityScheme auth.SecurityScheme `json:"-" yaml:"-"`
}

func NewVulnerabilityReport added in v0.6.1

func NewVulnerabilityReport(issue Issue) *VulnerabilityReport

func (*VulnerabilityReport) Clone added in v0.6.1

func (*VulnerabilityReport) Fail added in v0.6.1

func (*VulnerabilityReport) HasBeenSkipped added in v0.6.1

func (vr *VulnerabilityReport) HasBeenSkipped() bool

func (*VulnerabilityReport) HasFailed added in v0.6.1

func (vr *VulnerabilityReport) HasFailed() bool

func (*VulnerabilityReport) HasPassed added in v0.6.1

func (vr *VulnerabilityReport) HasPassed() bool

func (*VulnerabilityReport) IsCriticalRiskSeverity added in v0.6.1

func (vr *VulnerabilityReport) IsCriticalRiskSeverity() bool

func (*VulnerabilityReport) IsHighRiskSeverity

func (vr *VulnerabilityReport) IsHighRiskSeverity() bool

func (*VulnerabilityReport) IsInfoRiskSeverity added in v0.4.2

func (vr *VulnerabilityReport) IsInfoRiskSeverity() bool

func (*VulnerabilityReport) IsLowRiskSeverity

func (vr *VulnerabilityReport) IsLowRiskSeverity() bool

func (*VulnerabilityReport) IsMediumRiskSeverity

func (vr *VulnerabilityReport) IsMediumRiskSeverity() bool

func (*VulnerabilityReport) Pass added in v0.6.1

func (*VulnerabilityReport) SeverityLevelString added in v0.3.1

func (vr *VulnerabilityReport) SeverityLevelString() string

func (*VulnerabilityReport) Skip added in v0.6.1

func (*VulnerabilityReport) String

func (vr *VulnerabilityReport) String() string

func (*VulnerabilityReport) WithBooleanStatus added in v0.6.1

func (vr *VulnerabilityReport) WithBooleanStatus(status bool) *VulnerabilityReport

func (*VulnerabilityReport) WithOperation added in v0.4.2

func (vr *VulnerabilityReport) WithOperation(operation *request.Operation) *VulnerabilityReport

func (*VulnerabilityReport) WithSecurityScheme added in v0.6.1

func (vr *VulnerabilityReport) WithSecurityScheme(ss auth.SecurityScheme) *VulnerabilityReport

func (*VulnerabilityReport) WithStatus added in v0.6.1

type VulnerabilityReportStatus added in v0.6.1

// VulnerabilityReportStatus is the outcome of a vulnerability check, serialized
// as a lowercase string.
type VulnerabilityReportStatus string
const (
	// VulnerabilityReportStatusPassed is written as "passed".
	VulnerabilityReportStatusPassed  VulnerabilityReportStatus = "passed"
	// VulnerabilityReportStatusFailed is written as "failed" (presumably the
	// check detected the issue; confirm against Fail and HasFailed, whose bodies
	// are not shown).
	VulnerabilityReportStatusFailed  VulnerabilityReportStatus = "failed"
	// VulnerabilityReportStatusSkipped is written as "skipped".
	VulnerabilityReportStatusSkipped VulnerabilityReportStatus = "skipped"
	// VulnerabilityReportStatusNone is written as "none" (presumably the state
	// before a check has produced a result; confirm).
	// NOTE(review): consumers that gate a pipeline on "failed" alone should
	// decide explicitly how "skipped" and "none" are treated, since neither
	// means the check passed.
	VulnerabilityReportStatusNone    VulnerabilityReportStatus = "none"
)

func (VulnerabilityReportStatus) String added in v0.8.1

func (vrs VulnerabilityReportStatus) String() string
