/**
 * Security Testing Framework
 *
 * Provides comprehensive security testing utilities, penetration
 * testing helpers, and automated security regression tests for
 * the qtests testing framework.
 *
 * This file contains type declarations only; no implementation is visible
 * here, so every note below about runtime behaviour is limited to what the
 * signatures and the original comments state.
 * NOTE(review): the trailing sourceMappingURL directive suggests this file is
 * compiler output - presumably changes belong in the .ts source; confirm.
 */

/**
 * A single named security check that can be executed by a test runner.
 */
export interface SecurityTestCase {
  /** Short identifier for the check. */
  name: string;
  /** Human-readable explanation of what the check covers. */
  description: string;
  /** Class of weakness the check belongs to (closed set of string literals). */
  category: 'input_validation' | 'injection' | 'authentication' | 'authorization' | 'cryptography' | 'configuration' | 'session' | 'xss' | 'csrf';
  /** Impact rating assigned to a failure of this check. */
  severity: 'low' | 'medium' | 'high' | 'critical';
  /**
   * Executes the check. The signature is synchronous: it returns the result
   * directly rather than a Promise.
   */
  test: () => SecurityTestResult;
}

/**
 * Outcome of one security check.
 */
export interface SecurityTestResult {
  /** True when the check found no problem. */
  passed: boolean;
  /** Human-readable summary of the check that produced this result. */
  description: string;
  /** Free-form detail text about the outcome. */
  details: string;
  /** Findings reported by the check; presumably empty when `passed` is true - confirm. */
  vulnerabilities: string[];
  /** Remediation advice associated with the findings. */
  recommendations: string[];
  /** Duration of the check. Unit is not stated here; presumably milliseconds - TODO confirm. */
  executionTime: number;
}

/**
 * Penetration testing utilities.
 *
 * Each `test*` method accepts either a string template or a callback:
 *  - template mode substitutes every payload into the named placeholder and
 *    checks the resulting string;
 *  - callback mode hands the raw payload to caller-supplied code and checks
 *    whatever that code returns.
 *
 * NOTE(review): the second argument of each method only applies to template
 * mode and switches on a helper that is built into this framework. A passing
 * result obtained that way appears to describe the built-in helper, not the
 * application under test. To exercise the sanitizer, query builder or
 * validator that is actually shipped, use the callback form.
 */
export declare class PenetrationTester {
  /** Payload collection used by the test methods; its type is erased in this declaration. */
  private readonly payloads;

  /**
   * Test XSS vulnerabilities.
   * @param input - A string template containing {{payload}} where each XSS payload will be
   *   substituted, OR a callback function that receives the raw payload and returns the
   *   processed/sanitized output to be checked.
   * @param sanitize - When using string template mode, run the built-in sanitizer before checking.
   *   The default when omitted is not visible in this declaration.
   * @returns A single aggregated result for the whole payload set.
   */
  testXSS(input: string | ((payload: string) => string), sanitize?: boolean): SecurityTestResult;

  /**
   * Test SQL injection vulnerabilities.
   * @param query - A string template containing {{param}} where each SQL payload will be
   *   substituted, OR a callback function that receives the raw payload and returns the
   *   processed output to be checked.
   * @param parametrize - When using string template mode, suppress keyword detection (simulates
   *   parameterized queries). Set to false to detect unparameterized vulnerabilities.
   *   Because this flag only simulates parameterization, a pass with it enabled
   *   does not show that the real data layer uses bound parameters.
   *   The default when omitted is not visible in this declaration.
   * @returns A single aggregated result for the whole payload set.
   */
  testSQLInjection(query: string | ((payload: string) => string), parametrize?: boolean): SecurityTestResult;

  /**
   * Test path traversal vulnerabilities.
   * @param path - A string template containing {{path}} where each traversal payload will be
   *   substituted, OR a callback function that receives the raw payload and returns the
   *   processed output to be checked.
   * @param validate - When using string template mode, run the built-in path validator first.
   *   The default when omitted is not visible in this declaration.
   * @returns A single aggregated result for the whole payload set.
   */
  testPathTraversal(path: string | ((payload: string) => string), validate?: boolean): SecurityTestResult;

  /**
   * Test command injection vulnerabilities.
   * @param command - A string template containing {{arg}} where each injection payload will be
   *   substituted, OR a callback function that receives the raw payload and returns the
   *   processed output to be checked.
   * @param validate - When using string template mode, run the built-in command validator first.
   *   The default when omitted is not visible in this declaration.
   * @returns A single aggregated result for the whole payload set.
   */
  testCommandInjection(command: string | ((payload: string) => string), validate?: boolean): SecurityTestResult;

  /**
   * Run comprehensive penetration test.
   *
   * Every field of `target` is optional and typed as a plain string. How each
   * string is consumed is not visible here; presumably each one is passed to
   * the matching `test*` method - confirm against the implementation. The
   * return type is synchronous (an array, not a Promise).
   * @param target - Strings for the XSS, SQL, path and command checks respectively.
   * @returns One result per executed check.
   */
  runPenetrationTest(target: {
    inputEndpoint?: string;
    queryEndpoint?: string;
    pathEndpoint?: string;
    commandEndpoint?: string;
  }): SecurityTestResult[];
}

/**
 * Automated security regression test suite.
 */
export declare class SecurityRegressionTester {
  /** Registered test cases; the type is erased in this declaration. */
  private readonly testCases;

  /**
   * Run all security regression tests.
   * @returns One result per executed test case.
   */
  runAllTests(): SecurityTestResult[];

  /**
   * Run tests by category.
   * @param category - Typed as a plain string, so the compiler does not restrict it to the
   *   `SecurityTestCase.category` literals. Behaviour for an unknown value is not visible
   *   here; presumably an empty array - confirm, since a typo could silently skip tests.
   * @returns Results for the matching test cases.
   */
  runTestsByCategory(category: string): SecurityTestResult[];

  /**
   * Generate security test report.
   * @param results - Results to summarise.
   * @returns The report as a string. The output format is not visible here.
   *   NOTE(review): results may carry payload text in `details`/`vulnerabilities`;
   *   if the report is ever rendered as HTML, confirm that text is escaped.
   */
  generateReport(results: SecurityTestResult[]): string;

  /**
   * Generate consolidated recommendations. Private; its signature is erased in this declaration.
   */
  private generateRecommendations;
}

/** Shared module-level `PenetrationTester` instance. */
export declare const penetrationTester: PenetrationTester;
/** Shared module-level `SecurityRegressionTester` instance. */
export declare const securityRegressionTester: SecurityRegressionTester;

/**
 * Convenience function to run full security test suite.
 * Which checks are included is not visible in this declaration.
 * @returns The collected results.
 */
export declare function runFullSecurityTest(): SecurityTestResult[];

/**
 * Convenience function to generate security test report.
 * @param results - Optional results to report on. Behaviour when omitted is not visible
 *   here; presumably the full suite is run first - confirm.
 * @returns The report as a string.
 */
export declare function generateSecurityTestReport(results?: SecurityTestResult[]): string;
//# 
sourceMappingURL=SecurityTestingFramework.d.ts.map