@casoon/auditmysite
Version:
A comprehensive command-line tool for automated accessibility, security, performance, and SEO testing using Playwright and pa11y, based on sitemap URLs
192 lines • 8.31 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecurityScanner = void 0;
const security_headers_test_1 = require("../tests/security/security-headers-test");
const https_test_1 = require("../tests/security/https-test");
const csp_test_1 = require("../tests/security/csp-test");
const vulnerability_test_1 = require("../tests/security/vulnerability-test");
class SecurityScanner {
constructor() {
this.securityHeadersTest = new security_headers_test_1.SecurityHeadersTest();
this.httpsTest = new https_test_1.HttpsTest();
this.cspTest = new csp_test_1.CspTest();
this.vulnerabilityTest = new vulnerability_test_1.VulnerabilityTest();
}
async scanPage(page, url, options = {}) {
const timestamp = new Date().toISOString();
const results = {
securityHeaders: null,
https: null,
csp: null,
vulnerability: null
};
try {
// Run Security Headers Test
console.log('🔒 Führe Security-Headers-Test aus...');
results.securityHeaders = await this.securityHeadersTest.run({ page, url, options: {} });
// Run HTTPS Test
console.log('🔐 Führe HTTPS-Compliance-Test aus...');
results.https = await this.httpsTest.run({ page, url, options: {} });
// Run CSP Test (optional für localhost)
const isLocalhost = url.includes('localhost') || url.includes('127.0.0.1');
if (isLocalhost) { // Automatisch für localhost überspringen
console.log(' ⚡ Localhost: CSP-Test übersprungen (nicht relevant für Entwicklung)');
results.csp = {
passed: true,
errors: [],
warnings: ['CSP-Test für localhost übersprungen - nicht relevant für Entwicklung'],
details: { cspScore: 100, skipped: true }
};
}
else {
console.log('🛡️ Führe Content Security Policy Test aus...');
results.csp = await this.cspTest.run({ page, url, options: {} });
}
// Run Vulnerability Test
console.log('🔍 Führe Vulnerability-Scan aus...');
results.vulnerability = await this.vulnerabilityTest.run({ page, url, options: {} });
}
catch (error) {
console.error('Security-Scan fehlgeschlagen:', error);
}
// Calculate overall score
const scores = [
results.securityHeaders?.details?.securityScore || 0,
results.https?.details?.httpsScore || 0,
results.csp?.details?.cspScore || 0,
results.vulnerability?.details?.vulnerabilityScore || 0
];
const overallScore = Math.round(scores.reduce((sum, score) => sum + score, 0) / scores.length);
// Generate summary
const summary = this.generateSummary(results);
// Generate recommendations
const recommendations = this.generateRecommendations(results, overallScore);
return {
url,
timestamp,
overallScore,
tests: results,
summary,
recommendations
};
}
generateSummary(results) {
let totalIssues = 0;
let totalWarnings = 0;
let criticalIssues = 0;
let highIssues = 0;
let mediumIssues = 0;
let lowIssues = 0;
Object.values(results).forEach((result) => {
if (result) {
totalIssues += result.errors?.length || 0;
totalWarnings += result.warnings?.length || 0;
// Categorize issues by priority
const issues = [...(result.errors || []), ...(result.warnings || [])];
issues.forEach((issue) => {
if (issue.includes('critical') || issue.includes('HTTPS') || issue.includes('CSP')) {
criticalIssues++;
}
else if (issue.includes('XSS') || issue.includes('injection') || issue.includes('vulnerability')) {
highIssues++;
}
else if (issue.includes('warning') || issue.includes('recommended')) {
mediumIssues++;
}
else {
lowIssues++;
}
});
}
});
return {
totalIssues,
totalWarnings,
criticalIssues,
highIssues,
mediumIssues,
lowIssues
};
}
generateRecommendations(results, overallScore) {
const recommendations = [];
// Overall score recommendations
if (overallScore < 50) {
recommendations.push('🔴 CRITICAL: Immediate security improvements required');
}
else if (overallScore < 70) {
recommendations.push('🟡 HIGH: Significant security improvements needed');
}
else if (overallScore < 90) {
recommendations.push('🟠 MEDIUM: Some security improvements recommended');
}
else {
recommendations.push('🟢 GOOD: Security posture is strong');
}
// Security Headers recommendations
if (results.securityHeaders) {
const sh = results.securityHeaders;
if (sh.errors?.length > 0) {
recommendations.push('🔒 Implement missing security headers (CSP, HSTS, X-Frame-Options)');
}
if (sh.details?.securityScore < 70) {
recommendations.push('🛡️ Strengthen security header configuration');
}
}
// HTTPS recommendations
if (results.https) {
const https = results.https;
if (https.errors?.length > 0) {
recommendations.push('🔐 Enable HTTPS and fix mixed content issues');
}
if (https.details?.httpsScore < 80) {
recommendations.push('🔒 Improve HTTPS configuration and cookie security');
}
}
// CSP recommendations
if (results.csp) {
const csp = results.csp;
if (csp.errors?.length > 0) {
recommendations.push('🛡️ Implement Content Security Policy');
}
if (csp.details?.cspScore < 80) {
recommendations.push('🔒 Strengthen CSP configuration and remove unsafe directives');
}
}
// Vulnerability recommendations
if (results.vulnerability) {
const vuln = results.vulnerability;
if (vuln.errors?.length > 0) {
recommendations.push('🔍 Address detected vulnerabilities (XSS, injection, etc.)');
}
if (vuln.details?.vulnerabilityScore < 80) {
recommendations.push('🛡️ Improve input validation and security controls');
}
}
// General recommendations
if (overallScore < 90) {
recommendations.push('📋 Conduct regular security audits and penetration testing');
recommendations.push('🔧 Keep all software components updated');
recommendations.push('📚 Implement security training for development team');
}
return recommendations;
}
getTestNames() {
return [
'Security Headers Test',
'HTTPS Compliance Test',
'Content Security Policy Test',
'Vulnerability Scan Test'
];
}
getTestDescriptions() {
return {
'Security Headers Test': 'Checks for essential security headers to protect against common web vulnerabilities',
'HTTPS Compliance Test': 'Checks HTTPS implementation, SSL/TLS configuration, and secure communication',
'Content Security Policy Test': 'Analyzes Content Security Policy implementation and configuration for XSS protection',
'Vulnerability Scan Test': 'Scans for common web vulnerabilities and security weaknesses'
};
}
}
exports.SecurityScanner = SecurityScanner;
//# sourceMappingURL=security-scanner.js.map