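// Severity levels attached to every finding (second element of the
// [category, severity] tuple returned by categorize).
const INFORMATIONAL = "INFORMATIONAL";
const LOW = "LOW";
const MEDIUM = "MEDIUM";
const HIGH = "HIGH";

/**
 * Categories for Nikto test ids that are matched exactly.
 * Looked up before the ranges below, so an exact entry wins even when the id
 * also falls into a range (521000 lies inside 500017-600000).
 * Values are [category, severity].
 */
const CATEGORY_BY_ID = new Map([
  [999957, ["X-Frame-Options Header", LOW]],
  [999102, ["X-XSS-Protection", LOW]],
  [999100, ["Uncommon Header", INFORMATIONAL]],
  [999996, ["robots.txt", INFORMATIONAL]],
  [740001, ["Potential Backup File", INFORMATIONAL]],
  [999103, ["X-Content-Type-Options Header", INFORMATIONAL]],
  [521000, ["Path Traversal", HIGH]],
]);

/**
 * Categories for half-open id ranges [from, to). The ranges do not overlap,
 * so their order carries no meaning beyond mirroring the original chain.
 */
const CATEGORY_RANGES = [
  [600000, 700000, ["Outdated Software", MEDIUM]],
  [800000, 900000, ["Identified Software", INFORMATIONAL]],
  [0, 100000, ["Potential Vulnerability", HIGH]],
  [500017, 600000, ["Identified Software", INFORMATIONAL]],
  [300000, 400000, ["Embedded Device", INFORMATIONAL]],
];

/**
 * Maps a Nikto finding onto a [category, severity] pair.
 *
 * Exact ids are looked up first, then the id ranges; anything matching
 * neither -- including a NaN id from an unparsable id string -- becomes a
 * generic "Nikto Finding" with INFORMATIONAL severity.
 *
 * @param {{ id: number }} finding - object carrying the numeric Nikto test id
 * @returns {[string, string]} a fresh [category, severity] tuple
 */
function categorize({ id }) {
  const exact = CATEGORY_BY_ID.get(id);
  if (exact !== undefined) {
    // Copy so callers mutating the tuple cannot alter the lookup table.
    return [...exact];
  }

  const range = CATEGORY_RANGES.find(([from, to]) => id >= from && id < to);
  return range ? [...range[2]] : ["Nikto Finding", INFORMATIONAL];
}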
 
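/**
 * Converts a raw Nikto scan result into secureCodeBox findings.
 *
 * host, ip, banner, method, url and msg come straight from scanner output
 * and are copied into the finding unchanged (url is interpolated into the
 * location string); only the port and the Nikto id are parsed into numbers.
 *
 * @param {{ host: string, ip: string, port: string, banner: string,
 *   vulnerabilities: Array<{ id: string, method: string, url: string, msg: string }> }} result
 *   raw Nikto result; a missing vulnerability list is treated as empty
 * @returns {Promise<Array<object>>} one finding per truthy vulnerability entry
 */
async function parse({ host, ip, port: portString, banner, vulnerabilities }) {
  const port = parseInt(portString, 10);

  // Nikto no longer reports the scheme, so it is guessed from the port.
  const protocol = port === 443 || port === 8443 ? "https" : "http";

  // A scan without any vulnerability entries yields no findings rather than a crash.
  return (vulnerabilities || []).filter(Boolean).map(({ id, method, url, msg }) => {
    const niktoId = parseInt(id, 10);
    const [category, severity] = categorize({ id: niktoId });

    return {
      name: (msg || "").trimRight(),
      description: null,
      category,
      location: `${protocol}://${host}${url}`,
      osi_layer: "NETWORK",
      severity,
      attributes: {
        ip_address: ip,
        hostname: host,
        banner,
        method,
        port,
        niktoId,
      },
    };
  });
}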
 
// CommonJS export of the parser entry point.
Object.assign(module.exports, { parse });