Skip to content

Framework reporting #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
GovindarajanL merged 4 commits into from
Mar 23, 2025
Merged

Framework reporting #39

GovindarajanL merged 4 commits into from
Mar 23, 2025

Conversation

@GovindarajanL
Copy link
Collaborator

@GovindarajanL GovindarajanL commented Mar 10, 2025

This commit introduces the following reporting classes:

  • Finding: Represents a security finding discovered during a scan.
  • ScanResult: Contains the complete results of a security scan.
  • Severity: Represents the severity level of a security finding.

@GovindarajanL
docs: Add comprehensive framework documentation for contributors and …
dd1fc4e 
…users

- Add FRAMEWORK_OVERVIEW.md explaining capabilities and architecture
- Add ARCHITECTURE.md detailing component design and interfaces

These documents provide clear guidance for new contributors on project
structure, implementation details, and future direction while helping
users understand how to effectively utilize the framework.
@GovindarajanL
docs: Add Apache License 2.0
e71f89b 
Add Apache License 2.0 to formalize the project's open source status.
This license allows users to freely use, modify, distribute, and
contribute to the OWASP API Security Testing Framework while requiring
attribution and providing basic liability protection.
@GovindarajanL
feat(core): Implement advanced configuration and discovery components
25703f3 
Add comprehensive framework components:
- ConfigLoader for flexible configuration from multiple sources
- EndpointDiscoveryService for automatic API endpoint discovery
- Enhanced HttpClient with advanced authentication and proxy support
- Expanded ScanConfig with complete configuration options
- Improved Scanner with optimized thread management

These components provide the foundation for robust API security testing
with support for various authentication methods, automatic endpoint
detection, and flexible configuration options.
@GovindarajanL
feat: Add reporting classes
d3dfbdd 
This commit introduces the following reporting classes:

- Finding: Represents a security finding discovered during a scan.
- ScanResult: Contains the complete results of a security scan.
- Severity: Represents the severity level of a security finding.
cybersreejith
cybersreejith reviewed Mar 23, 2025
View reviewed changes
src/main/java/org/owasp/astf/core/discovery/EndpointDiscoveryService.java

endpoints.add(new EndpointInfo(basePath + "/auth/login", "POST"));
endpoints.add(new EndpointInfo(basePath + "/auth/logout", "POST"));

Copy link
Collaborator

@cybersreejith cybersreejith Mar 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor one - Later, we may need to keep these endpoints ( /users / auth etc...)in property files

@GovindarajanL GovindarajanL merged commit 64136dd into OWASP:main Mar 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cybersreejith cybersreejith cybersreejith approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GovindarajanL @cybersreejith