UNPKG

bugnitor-security-scanner

Version:

AI-Era Security Scanner: Intelligent automated security review agent specializing in AI-generated vulnerability patterns

github.com/ZunoBotics/bugnitor

ZunoBotics/bugnitor

246 lines 10.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.SecurityGrader = void 0; class SecurityGrader { calculateSecurityGrade(findings, totalFiles) { const categoryFindings = this.categorizeFindingsByType(findings); const categoryGrades = this.calculateCategoryGrades(categoryFindings, totalFiles); const overallScore = this.calculateOverallScore(categoryGrades); const overallGrade = this.scoreToGrade(overallScore); const recommendations = this.generateRecommendations(findings, categoryGrades); return { overall: overallGrade, categories: { injection: categoryGrades.injection, access_control: categoryGrades.access_control, sensitive_data: categoryGrades.sensitive_data, cryptography: categoryGrades.cryptography, dependencies: categoryGrades.dependencies, configuration: categoryGrades.configuration }, score: overallScore, recommendations }; } categorizeFindingsByType(findings) { const categories = { injection: [], access_control: [], sensitive_data: [], cryptography: [], dependencies: [], configuration: [] }; for (const finding of findings) { switch (finding.type) { case 'injection': case 'deserialization': categories.injection.push(finding); break; case 'broken_access': categories.access_control.push(finding); break; case 'sensitive_data': categories.sensitive_data.push(finding); break; case 'cryptography': categories.cryptography.push(finding); break; case 'dependency': categories.dependencies.push(finding); break; case 'config': case 'cicd': case 'file_path': case 'memory': categories.configuration.push(finding); break; } } return categories; } calculateCategoryGrades(categoryFindings, totalFiles) { const grades = {}; for (const [category, findings] of Object.entries(categoryFindings)) { const score = this.calculateCategoryScore(findings, totalFiles); grades[category] = this.scoreToGrade(score); } return grades; } calculateCategoryScore(findings, totalFiles) { if (findings.length === 0) return 100; // Weight findings by severity const severityWeights = { critical: 20, high: 10, medium: 5, low: 1 }; let totalWeight = 0; let maxPossibleWeight = 0; for (const finding of findings) { const weight = severityWeights[finding.severity]; totalWeight += weight * finding.confidence; } // Calculate max possible weight based on file count // Assume each file could have at most 1 critical issue maxPossibleWeight = totalFiles * severityWeights.critical; // Calculate penalty percentage const penaltyPercentage = Math.min((totalWeight / maxPossibleWeight) * 100, 100); return Math.max(0, 100 - penaltyPercentage); } calculateOverallScore(categoryGrades) { const gradeValues = { A: 90, B: 80, C: 70, D: 60, F: 50 }; const categoryWeights = { injection: 0.25, // 25% - Most critical access_control: 0.20, // 20% - Very important sensitive_data: 0.20, // 20% - Very important cryptography: 0.15, // 15% - Important dependencies: 0.10, // 10% - Moderate configuration: 0.10 // 10% - Moderate }; let weightedSum = 0; let totalWeight = 0; for (const [category, grade] of Object.entries(categoryGrades)) { if (categoryWeights[category]) { const weight = categoryWeights[category]; const value = gradeValues[grade]; weightedSum += value * weight; totalWeight += weight; } } return Math.round(weightedSum / totalWeight); } scoreToGrade(score) { if (score >= 90) return 'A'; if (score >= 80) return 'B'; if (score >= 70) return 'C'; if (score >= 60) return 'D'; return 'F'; } generateRecommendations(findings, categoryGrades) { const recommendations = []; // Priority recommendations based on critical and high severity issues const criticalFindings = findings.filter(f => f.severity === 'critical'); const highFindings = findings.filter(f => f.severity === 'high'); if (criticalFindings.length > 0) { recommendations.push(`🚨 URGENT: Address ${criticalFindings.length} critical security issues immediately`); // Group critical findings by category const criticalByCategory = this.groupByCategory(criticalFindings); for (const [category, count] of Object.entries(criticalByCategory)) { if (count > 0) { recommendations.push(` • Fix ${count} critical ${this.getCategoryDisplayName(category)} issues`); } } } if (highFindings.length > 0) { recommendations.push(`⚠️ HIGH PRIORITY: Resolve ${highFindings.length} high-severity vulnerabilities`); } // Category-specific recommendations if (categoryGrades.injection === 'F') { recommendations.push('🛡️ Implement input validation and parameterized queries to prevent injection attacks'); } if (categoryGrades.sensitive_data === 'F') { recommendations.push('🔐 Remove hardcoded secrets and implement proper secret management'); } if (categoryGrades.access_control === 'F') { recommendations.push('🔒 Add authorization checks to all sensitive operations'); } if (categoryGrades.cryptography === 'F') { recommendations.push('🔑 Update to strong cryptographic algorithms and secure configurations'); } if (categoryGrades.dependencies === 'F') { recommendations.push('📦 Update vulnerable dependencies and implement dependency scanning'); } if (categoryGrades.configuration === 'F') { recommendations.push('⚙️ Review and secure configuration files and CI/CD pipelines'); } // General recommendations const totalIssues = findings.length; if (totalIssues > 50) { recommendations.push('🔧 Consider implementing automated security testing in CI/CD pipeline'); } if (totalIssues > 20) { recommendations.push('📋 Conduct security code review process for all changes'); } if (findings.some(f => f.confidence < 0.7)) { recommendations.push('🔍 Manual security review recommended for low-confidence findings'); } // Best practices recommendations if (categoryGrades.overall !== 'A') { recommendations.push('📚 Implement security training for development team'); recommendations.push('🔐 Set up regular security scanning and monitoring'); } return recommendations.slice(0, 10); // Limit to top 10 recommendations } groupByCategory(findings) { const counts = {}; for (const finding of findings) { const category = finding.type; counts[category] = (counts[category] || 0) + 1; } return counts; } getCategoryDisplayName(category) { const displayNames = { injection: 'injection', broken_access: 'access control', sensitive_data: 'sensitive data', deserialization: 'deserialization', file_path: 'file/path', memory: 'memory safety', cryptography: 'cryptography', dependency: 'dependency', cicd: 'CI/CD', config: 'configuration' }; return displayNames[category] || category; } generateNextSteps(findings, grade) { const nextSteps = []; // Immediate actions for critical issues const criticalCount = findings.filter(f => f.severity === 'critical').length; const highCount = findings.filter(f => f.severity === 'high').length; if (criticalCount > 0) { nextSteps.push('🚨 IMMEDIATE: Fix all critical vulnerabilities before deployment'); nextSteps.push('🔒 Rotate any exposed secrets or credentials'); nextSteps.push('🛡️ Implement emergency patches for critical security flaws'); } if (highCount > 0) { nextSteps.push('⚠️ HIGH PRIORITY: Schedule remediation of high-severity issues within 1 week'); } // Grade-based recommendations if (grade.overall === 'F') { nextSteps.push('📋 Conduct comprehensive security audit'); nextSteps.push('🔧 Implement security-first development practices'); nextSteps.push('👥 Consider hiring security consultant'); } else if (grade.overall === 'D') { nextSteps.push('📈 Develop security improvement roadmap'); nextSteps.push('🎯 Focus on top 3 vulnerability categories'); } // Automation recommendations if (findings.length > 10) { nextSteps.push('🤖 Set up automated security testing in CI/CD pipeline'); nextSteps.push('📊 Implement security metrics and monitoring'); } // Process improvements nextSteps.push('📚 Train development team on secure coding practices'); nextSteps.push('🔍 Establish regular security code review process'); nextSteps.push('📅 Schedule follow-up security scan in 30 days'); // Dependency management const depFindings = findings.filter(f => f.type === 'dependency'); if (depFindings.length > 0) { nextSteps.push('📦 Set up automated dependency vulnerability scanning'); nextSteps.push('🔄 Establish regular dependency update schedule'); } return nextSteps.slice(0, 8); // Limit to top 8 next steps } } exports.SecurityGrader = SecurityGrader; //# sourceMappingURL=security-grader.js.map