sicua
Version:
A tool for analyzing project structure and dependencies
78 lines (77 loc) • 2.23 kB
TypeScript
/**
* Detector for missing security headers in Next.js configuration
*/
import { BaseDetector } from "./BaseDetector";
import { Vulnerability } from "../types/vulnerability.types";
import { AnalysisContext } from "../types/analysis.types";
import { ScanResult } from "../../../types";
export declare class SecurityHeaderDetector extends BaseDetector {
private static readonly SECURITY_HEADER_PATTERNS;
private static readonly REQUIRED_SECURITY_HEADERS;
constructor();
detect(scanResult: ScanResult, context: AnalysisContext): Promise<Vulnerability[]>;
/**
* Check if this is actually a Next.js project
*/
private isNextJsProject;
/**
* Check if security headers might be configured elsewhere (e.g., CDN, reverse proxy)
*/
private hasAlternativeSecurityConfig;
/**
* Analyze Next.js config file for security headers
*/
private analyzeNextConfigFile;
/**
* Find headers configuration in Next.js config
*/
private findHeadersConfiguration;
/**
* Find the main Next.js config object
*/
private findNextConfigObject;
/**
* Find a property in an object literal
*/
private findPropertyInObject;
/**
* Parse headers configuration
*/
private parseHeadersConfiguration;
/**
* Analyze headers function
*/
private analyzeHeadersFunction;
/**
* Analyze headers array
*/
private analyzeHeadersArray;
/**
* Analyze individual header object
*/
private analyzeHeaderObject;
/**
* Identify missing security headers
*/
private identifyMissingSecurityHeaders;
/**
* Fixed identifyInsecureHeaders function with proper type safety
*/
private identifyInsecureHeaders;
/**
* Check if header value is secure
*/
private isHeaderValueSecure;
/**
* Create vulnerability for missing Next.js config file
*/
private createMissingConfigVulnerability;
/**
* Create vulnerability for missing security header
*/
private createMissingHeaderVulnerability;
/**
* Create vulnerability for insecure security header
*/
private createInsecureHeaderVulnerability;
}