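/**
 * @fileoverview Vulnerability type definitions
 * @module @nahisaho/musubix-security/types/vulnerability
 * @trace REQ-SEC-SCAN-001, REQ-SEC-SCAN-002, REQ-SEC-SCAN-003
 */

/**
 * OWASP Top 10 (2021) vulnerability categories.
 * `'A00:Unknown'` is the catch-all for findings that map to no listed category.
 */
export type OWASPCategory =
  | 'A01:2021'
  | 'A02:2021'
  | 'A03:2021'
  | 'A04:2021'
  | 'A05:2021'
  | 'A06:2021'
  | 'A07:2021'
  | 'A08:2021'
  | 'A09:2021'
  | 'A10:2021'
  | 'A00:Unknown';

/**
 * Vulnerability type classification.
 * Note that both `'insecure-deser'` and `'insecure-deserialization'` are accepted;
 * consumers that group by type should treat them as the same class.
 */
export type VulnerabilityType =
  | 'injection'
  | 'xss'
  | 'broken-access'
  | 'broken-auth'
  | 'sensitive-exposure'
  | 'xxe'
  | 'misconfig'
  | 'insecure-deser'
  | 'insecure-deserialization'
  | 'vuln-components'
  | 'insufficient-logging'
  | 'ssrf'
  | 'path-traversal'
  | 'command-injection'
  | 'code-injection'
  | 'open-redirect'
  | 'prototype-pollution'
  | 'ldap-injection'
  | 'redos'
  | 'race-condition'
  | 'prompt-injection'
  | 'dependency'
  | 'configuration'
  | 'zero-day'
  | 'data-flow';

/**
 * Severity levels for vulnerabilities, from most to least urgent.
 */
export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';

/**
 * Source code location
 * @trace DES-SEC-SCAN-001
 */
export interface SourceLocation {
  /**
   * Absolute file path.
   * NOTE(review): absolute paths reveal local directory layout when a report is
   * shared outside the scanning host; consider relativising before export.
   */
  file: string;
  /** Start line number (1-based) */
  startLine: number;
  /** End line number (1-based) */
  endLine: number;
  /** Start column number (0-based) */
  startColumn: number;
  /** End column number (0-based) */
  endColumn: number;
}

/**
 * Detected vulnerability
 * @trace REQ-SEC-SCAN-001
 */
export interface Vulnerability {
  /** Unique vulnerability ID (e.g., "VULN-2026-001") */
  id: string;
  /** Vulnerability type classification */
  type: VulnerabilityType;
  /** Severity level */
  severity: Severity;
  /** Related CWE identifiers */
  cwes: string[];
  /** Related OWASP categories */
  owasp?: OWASPCategory[];
  /** Source code location */
  location: SourceLocation;
  /** Human-readable description */
  description: string;
  /** Recommended fix */
  recommendation: string;
  /** Detection confidence (0.0 - 1.0) */
  confidence: number;
  /** Rule ID that detected this vulnerability */
  ruleId: string;
  /**
   * Original vulnerable code snippet.
   * NOTE(review): for `'sensitive-exposure'` findings the snippet can itself
   * contain the exposed secret; redact before writing it to logs or shared reports.
   */
  codeSnippet?: string;
  /** Detection timestamp */
  detectedAt: Date;
}

/**
 * Scan options
 * @trace REQ-SEC-SCAN-004
 */
export interface ScanOptions {
  /** Filter by severity levels */
  severityFilter?: Severity[];
  /** Rulesets to use */
  rulesets?: ('owasp-top-10' | 'cwe-top-25' | 'custom')[];
  /** File patterns to exclude */
  excludePatterns?: string[];
  /** Maximum file size in bytes */
  maxFileSize?: number;
  /** Enable incremental scanning */
  incremental?: boolean;
  /**
   * Custom rules directory.
   * NOTE(review): rules loaded from here influence what is reported; the directory
   * should be as trusted as the scanner's own configuration.
   */
  customRulesDir?: string;
}

/**
 * Scan result
 * @trace REQ-SEC-SCAN-001
 */
export interface ScanResult {
  /** Detected vulnerabilities */
  vulnerabilities: Vulnerability[];
  /** Number of files scanned */
  scannedFiles: number;
  /** Number of files skipped */
  skippedFiles: number;
  /** Scan duration in milliseconds */
  duration: number;
  /** Scan timestamp */
  timestamp: Date;
  /** Scan options used */
  options: ScanOptions;
  /** Summary by severity (per-level counts plus an overall total) */
  summary: {
    critical: number;
    high: number;
    medium: number;
    low: number;
    info: number;
    total: number;
  };
}

/**
 * Security rule definition
 */
export interface SecurityRule {
  /** Unique rule ID */
  id: string;
  /** Rule name */
  name: string;
  /** Rule description */
  description: string;
  /** Vulnerability type this rule detects */
  type: VulnerabilityType;
  /** Default severity */
  severity: Severity;
  /** Related CWEs */
  cwes: string[];
  /** Related OWASP categories */
  owasp?: OWASPCategory[];
  /** AST pattern to match (simplified) */
  pattern?: string;
  /** Detection function name */
  detector?: string;
  /** Whether rule is enabled by default */
  enabled: boolean;
  /**
   * Rule metadata (free-form key/value bag).
   * The extracted declaration had a bare `Record` with no type arguments, which
   * does not compile; `Record<string, unknown>` is the widest typed reading —
   * confirm against the original source.
   */
  metadata?: Record<string, unknown>;
}
//# sourceMappingURL=vulnerability.d.ts.map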