@casoon/auditmysite
Professional website analysis suite with robust accessibility testing, Core Web Vitals performance monitoring, SEO analysis, and content optimization insights. Features isolated browser contexts, retry mechanisms, and comprehensive API endpoints for profe
;
// CommonJS module preamble: flag the module as an ES-module transpilation
// target and pre-declare the named export so it exists before the class
// definition below assigns it.
Object.defineProperty(exports, '__esModule', { value: true });
exports.SecurityScanner = undefined;
// The four individual test classes (SecurityHeadersTest, HttpsTest, CspTest,
// VulnerabilityTest) are provided by the sibling security test module.
const security_1 = require('../tests/security');
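/**
 * Orchestrates the four security checks (security headers, HTTPS, CSP and the
 * vulnerability scan) against one page and folds their results into a single
 * report: the raw per-test results, an overall 0-100 score, a severity
 * summary and a list of human-readable recommendations.
 */
class SecurityScanner {
  constructor() {
    this.securityHeadersTest = new security_1.SecurityHeadersTest();
    this.httpsTest = new security_1.HttpsTest();
    this.cspTest = new security_1.CspTest();
    this.vulnerabilityTest = new security_1.VulnerabilityTest();
  }

  /**
   * Decides whether `url` points at a loopback host, in which case the CSP
   * test is skipped. The decision is made on the parsed hostname only, so a
   * URL that merely mentions "localhost" or "127.0.0.1" in its path or query,
   * or that uses them as a label of a public host (`localhost.example.com`),
   * is still fully scanned. (The previous substring check on the whole URL
   * skipped the CSP test in those cases.)
   *
   * @param {string} url - Absolute URL of the page under test.
   * @returns {boolean} true for `localhost`, `*.localhost`, 127.0.0.0/8 and
   *   `[::1]`; false for every other host and for strings that do not parse
   *   as a URL.
   */
  static isLoopbackUrl(url) {
    let hostname;
    try {
      hostname = new URL(url).hostname.toLowerCase();
    } catch {
      // A malformed string must not cause a security test to be skipped.
      return false;
    }
    return (
      hostname === 'localhost' ||
      hostname.endsWith('.localhost') ||
      hostname === '[::1]' ||
      // WHATWG URL parsing normalises IPv4 hosts to dotted-quad form, so a
      // plain anchored pattern is enough to recognise the loopback block.
      /^127(?:\.\d{1,3}){3}$/.test(hostname)
    );
  }

  /**
   * Runs a single test and isolates its failure: a test that throws is logged
   * and reported as `null`, so the remaining tests still run instead of being
   * silently skipped.
   *
   * @param {string} label - Progress line printed before the test starts.
   * @param {{ run: Function }} test - Test object exposing `run(context)`.
   * @param {object} page - Browser page handle passed through to the test.
   * @param {string} url - URL of the page under test.
   * @returns {Promise<object|null>} The test result, or null on failure.
   */
  async runTest(label, test, page, url) {
    console.log(label);
    try {
      // Per-test options are deliberately empty here; see scanPage.
      return await test.run({ page, url, options: {} });
    } catch (error) {
      console.error('Security scan failed:', label, error);
      return null;
    }
  }

  /**
   * Runs every security test against `url` and assembles the report.
   *
   * @param {object} page - Browser page handle handed to each test.
   * @param {string} url - Absolute URL of the page under test.
   * @param {object} [options={}] - Accepted for interface compatibility but
   *   currently NOT forwarded: every test receives an empty options object.
   * @returns {Promise<{url: string, timestamp: string, overallScore: number,
   *   tests: object, summary: object, recommendations: string[]}>}
   *   `tests` holds one entry per test (null when a test failed); the CSP
   *   entry is a synthetic "skipped" result for loopback hosts.
   */
  async scanPage(page, url, options = {}) {
    const timestamp = new Date().toISOString();
    const results = {
      securityHeaders: null,
      https: null,
      csp: null,
      vulnerability: null,
    };

    results.securityHeaders = await this.runTest(
      '🔒 Running Security Headers Test...',
      this.securityHeadersTest,
      page,
      url,
    );
    results.https = await this.runTest(
      '🔐 Running HTTPS Compliance Test...',
      this.httpsTest,
      page,
      url,
    );

    // CSP is skipped on loopback hosts only; the check is hostname-based so
    // that public URLs mentioning "localhost" are not exempted.
    if (SecurityScanner.isLoopbackUrl(url)) {
      console.log(' ⚡ Localhost: CSP test skipped (not relevant for development)');
      results.csp = {
        passed: true,
        errors: [],
        warnings: ['CSP test skipped for localhost - not relevant for development'],
        details: { cspScore: 100, skipped: true },
      };
    } else {
      results.csp = await this.runTest(
        '🛡️ Running Content Security Policy Test...',
        this.cspTest,
        page,
        url,
      );
    }

    results.vulnerability = await this.runTest(
      '🔍 Running Vulnerability Scan...',
      this.vulnerabilityTest,
      page,
      url,
    );

    // Overall score is the plain mean of the four per-test scores. A test that
    // failed (null) or reports no score counts as 0, i.e. it lowers the score
    // rather than being excluded from the average.
    const scores = [
      results.securityHeaders?.details?.securityScore || 0,
      results.https?.details?.httpsScore || 0,
      results.csp?.details?.cspScore || 0,
      results.vulnerability?.details?.vulnerabilityScore || 0,
    ];
    const overallScore = Math.round(
      scores.reduce((sum, score) => sum + score, 0) / scores.length,
    );

    const summary = this.generateSummary(results);
    const recommendations = this.generateRecommendations(results, overallScore);

    return {
      url,
      timestamp,
      overallScore,
      tests: results,
      summary,
      recommendations,
    };
  }

  /**
   * Counts errors and warnings across all test results and buckets every
   * message by severity using keyword matching on the message text. Note that
   * the bucket is decided by keywords alone: a *warning* whose text contains
   * "CSP" or "HTTPS" is counted as critical, and a message without any of the
   * keywords falls through to "low".
   *
   * @param {object} results - Map of test name to result (null entries are
   *   ignored); each result may carry `errors` and `warnings` string arrays.
   * @returns {{totalIssues: number, totalWarnings: number,
   *   criticalIssues: number, highIssues: number, mediumIssues: number,
   *   lowIssues: number}}
   */
  generateSummary(results) {
    const summary = {
      totalIssues: 0,
      totalWarnings: 0,
      criticalIssues: 0,
      highIssues: 0,
      mediumIssues: 0,
      lowIssues: 0,
    };

    for (const result of Object.values(results)) {
      if (!result) continue;
      const errors = result.errors || [];
      const warnings = result.warnings || [];
      summary.totalIssues += errors.length;
      summary.totalWarnings += warnings.length;

      for (const issue of [...errors, ...warnings]) {
        // Messages are expected to be strings; coerce so a stray non-string
        // entry is bucketed instead of throwing on `.includes`.
        const text = String(issue);
        if (text.includes('critical') || text.includes('HTTPS') || text.includes('CSP')) {
          summary.criticalIssues += 1;
        } else if (
          text.includes('XSS') ||
          text.includes('injection') ||
          text.includes('vulnerability')
        ) {
          summary.highIssues += 1;
        } else if (text.includes('warning') || text.includes('recommended')) {
          summary.mediumIssues += 1;
        } else {
          summary.lowIssues += 1;
        }
      }
    }

    return summary;
  }

  /**
   * Derives a prioritised list of recommendation strings from the per-test
   * results and the overall score. The first entry always reflects the
   * overall score band; per-test entries are added when a test reported
   * errors or scored below its threshold (70 for headers, 80 for the rest);
   * three general entries close the list whenever the score is below 90.
   *
   * @param {object} results - Map of test name to result (null entries skipped).
   * @param {number} overallScore - Mean score computed in scanPage.
   * @returns {string[]} Recommendation messages, in priority order.
   */
  generateRecommendations(results, overallScore) {
    const recommendations = [];

    if (overallScore < 50) {
      recommendations.push('🔴 CRITICAL: Immediate security improvements required');
    } else if (overallScore < 70) {
      recommendations.push('🟡 HIGH: Significant security improvements needed');
    } else if (overallScore < 90) {
      recommendations.push('🟠 MEDIUM: Some security improvements recommended');
    } else {
      recommendations.push('🟢 GOOD: Security posture is strong');
    }

    const { securityHeaders, https, csp, vulnerability } = results;

    if (securityHeaders) {
      if (securityHeaders.errors?.length > 0) {
        recommendations.push('🔒 Implement missing security headers (CSP, HSTS, X-Frame-Options)');
      }
      if (securityHeaders.details?.securityScore < 70) {
        recommendations.push('🛡️ Strengthen security header configuration');
      }
    }

    if (https) {
      if (https.errors?.length > 0) {
        recommendations.push('🔐 Enable HTTPS and fix mixed content issues');
      }
      if (https.details?.httpsScore < 80) {
        recommendations.push('🔒 Improve HTTPS configuration and cookie security');
      }
    }

    if (csp) {
      if (csp.errors?.length > 0) {
        recommendations.push('🛡️ Implement Content Security Policy');
      }
      if (csp.details?.cspScore < 80) {
        recommendations.push('🔒 Strengthen CSP configuration and remove unsafe directives');
      }
    }

    if (vulnerability) {
      if (vulnerability.errors?.length > 0) {
        recommendations.push('🔍 Address detected vulnerabilities (XSS, injection, etc.)');
      }
      if (vulnerability.details?.vulnerabilityScore < 80) {
        recommendations.push('🛡️ Improve input validation and security controls');
      }
    }

    if (overallScore < 90) {
      recommendations.push('📋 Conduct regular security audits and penetration testing');
      recommendations.push('🔧 Keep all software components updated');
      recommendations.push('📚 Implement security training for development team');
    }

    return recommendations;
  }

  /**
   * @returns {string[]} Display names of the four tests, in execution order.
   */
  getTestNames() {
    return [
      'Security Headers Test',
      'HTTPS Compliance Test',
      'Content Security Policy Test',
      'Vulnerability Scan Test',
    ];
  }

  /**
   * @returns {Object<string, string>} One-line description keyed by the
   *   display names returned from getTestNames().
   */
  getTestDescriptions() {
    return {
      'Security Headers Test': 'Checks for essential security headers to protect against common web vulnerabilities',
      'HTTPS Compliance Test': 'Checks HTTPS implementation, SSL/TLS configuration, and secure communication',
      'Content Security Policy Test': 'Analyzes Content Security Policy implementation and configuration for XSS protection',
      'Vulnerability Scan Test': 'Scans for common web vulnerabilities and security weaknesses',
    };
  }
}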
// Publish the class under the name pre-declared in the module preamble.
Object.assign(exports, { SecurityScanner });
//# sourceMappingURL=security-scanner.js.map