/**
* @file Vulnerability category-specific recommendation provider for targeted security guidance
* @description Single responsibility: Provide specialized security recommendations tailored to specific vulnerability categories
*
* This provider implements category-specific security guidance that recognizes different
* vulnerability types require different remediation approaches, tools, and expertise. It
* serves as a security knowledge base that translates vulnerability categories into
* actionable, prioritized recommendations for development teams.
*
* Design rationale:
* - Category-specific recommendations provide targeted guidance for different vulnerability types
* - Priority-based action items help teams focus remediation efforts effectively
* - Structured recommendation format enables integration with development workflows
* - Coverage of the major vulnerability categories; a category with no entry in the advice table yields an empty list rather than generic guidance
* - Actionable descriptions provide practical implementation guidance beyond generic advice
*
* Recommendation framework:
* - Injection attacks: Input validation, parameterized queries, encoding strategies
* - Authentication issues: Credential management, session security, access controls
* - Cryptographic flaws: Algorithm upgrades, key management, secure implementation
* - Logging vulnerabilities: Sensitive data protection, audit trail security
* - Infrastructure issues: Configuration hardening, dependency management, monitoring (listed in the framework but not yet backed by an entry in the advice table below)
*/
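/**
 * Gets recommendations for a specific vulnerability category.
 *
 * The lookup is restricted to the advice table's own keys. A category string
 * such as 'toString', 'constructor' or '__proto__' must not resolve to an
 * inherited Object.prototype member: that value is truthy, so a plain
 * `table[category] || []` would hand it back as a non-array and break callers
 * that iterate the result. Category names are matched case-sensitively.
 *
 * @param {string} category - Vulnerability category (currently one of
 *   'injection', 'authentication', 'cryptography', 'logging')
 * @param {Array<Object>} vulnerabilities - Vulnerabilities in this category.
 *   Currently unused: advice is keyed by category alone and does not depend on
 *   the individual findings. Retained for interface compatibility.
 * @returns {Array<Object>} Category-specific recommendations, each carrying
 *   `priority`, `action` and `description`; an empty array for any category
 *   without an entry. A fresh array is returned on every call, so callers may
 *   mutate it without affecting later calls.
 */
function getCategoryRecommendations(category, vulnerabilities) {
  // Built per call so that a caller mutating the returned array cannot corrupt
  // the advice handed out on subsequent calls.
  const categoryAdvice = {
    injection: [
      {
        priority: 'HIGH',
        action: 'Implement input validation and parameterized queries',
        description: 'Use prepared statements and validate all user input'
      }
    ],
    authentication: [
      {
        priority: 'HIGH',
        action: 'Remove hardcoded credentials',
        description: 'Store sensitive data in environment variables or secure vaults'
      }
    ],
    cryptography: [
      {
        priority: 'MEDIUM',
        action: 'Upgrade cryptographic algorithms',
        description: 'Use modern, secure algorithms like AES, SHA-256, or bcrypt'
      }
    ],
    logging: [
      {
        priority: 'MEDIUM',
        action: 'Review logging practices',
        description: 'Ensure sensitive data is not logged in plain text'
      }
    ]
  };

  // Own-property check only: inherited members (e.g. 'toString', '__proto__')
  // are not categories and must fall through to the empty result.
  if (!Object.prototype.hasOwnProperty.call(categoryAdvice, category)) {
    return [];
  }
  return categoryAdvice[category];
}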
// CommonJS export surface: the single category-advice provider.
module.exports = {
  getCategoryRecommendations: getCategoryRecommendations
};