
@casoon/auditmysite


Professional website analysis suite with robust accessibility testing, Core Web Vitals performance monitoring, SEO analysis, and content optimization insights. Features isolated browser contexts, retry mechanisms, and comprehensive API endpoints for profe

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.SecurityIssueCollector = void 0; class SecurityIssueCollector { static collectAll(scanResult) { if (!scanResult || typeof scanResult !== 'object' || !scanResult.tests) return []; const issues = []; const pageUrl = scanResult.url; const pageTitle = undefined; // Security-Scan hat meist keinen Titel const reportType = 'security'; const source = 'security-scan'; const timestamp = scanResult.timestamp; // Hilfsfunktion für Score function getScore(details, key) { if (details && typeof details[key] === 'number') return details[key]; return undefined; } // Für jeden Test (Headers, HTTPS, CSP, Vulnerability) for (const [testKey, testResult] of Object.entries(scanResult.tests)) { if (!testResult) continue; const testName = testKey; const details = testResult.details || {}; const score = getScore(details, `${testKey}Score`) || getScore(details, 'securityScore') || getScore(details, 'httpsScore') || getScore(details, 'cspScore') || getScore(details, 'vulnerabilityScore'); // Fehler (Critical) if (Array.isArray(testResult.errors)) { for (const msg of testResult.errors) { issues.push({ reportType, pageUrl, pageTitle, type: testName, severity: 'error', message: msg, resource: extractResourceFromMessage(msg), score, source, code: undefined, recommendation: undefined, metric: undefined, context: undefined, htmlSnippet: undefined, lineNumber: undefined }); } } // Warnungen if (Array.isArray(testResult.warnings)) { for (const msg of testResult.warnings) { issues.push({ reportType, pageUrl, pageTitle, type: testName, severity: 'warning', message: msg, resource: extractResourceFromMessage(msg), score, source, code: undefined, recommendation: undefined, metric: undefined, context: undefined, htmlSnippet: undefined, lineNumber: undefined }); } } // Infos (z.B. 
Details, falls keine Fehler/Warnungen) if ((!testResult.errors || testResult.errors.length === 0) && (!testResult.warnings || testResult.warnings.length === 0)) { issues.push({ reportType, pageUrl, pageTitle, type: testName, severity: 'info', message: 'No issues found', resource: undefined, score, source, code: undefined, recommendation: undefined, metric: undefined, context: undefined, htmlSnippet: undefined, lineNumber: undefined }); } } return issues; } } exports.SecurityIssueCollector = SecurityIssueCollector; function extractResourceFromMessage(msg) { // Versuche Header oder Policy aus der Fehlermeldung zu extrahieren const headerMatch = msg.match(/([A-Z][A-Za-z\-]+) header/); if (headerMatch) return headerMatch[1]; if (msg.includes('CSP')) return 'Content Security Policy'; if (msg.includes('HSTS')) return 'Strict-Transport-Security'; if (msg.includes('X-Frame-Options')) return 'X-Frame-Options'; if (msg.includes('X-Content-Type-Options')) return 'X-Content-Type-Options'; if (msg.includes('X-XSS-Protection')) return 'X-XSS-Protection'; if (msg.includes('Referrer Policy')) return 'Referrer-Policy'; if (msg.includes('Permissions Policy')) return 'Permissions-Policy'; if (msg.includes('Cross-Origin Resource Policy')) return 'Cross-Origin-Resource-Policy'; if (msg.includes('Cross-Origin Embedder Policy')) return 'Cross-Origin-Embedder-Policy'; if (msg.includes('Cross-Origin Opener Policy')) return 'Cross-Origin-Opener-Policy'; if (msg.includes('HTTPS')) return 'HTTPS'; if (msg.includes('vulnerability')) return 'Vulnerability'; return undefined; } //# sourceMappingURL=security-issue-collector.js.map