
{
"_comment": "Example API response from a security scan",
"scan_id": "api-scan-2024-10-27-123456",
"target_url": "https://example.com/api/v1",
"scan_start_time": "2024-10-27T14:00:00Z",
"scan_end_time": "2024-10-27T14:15:00Z",
"scan_status": "completed",
"vulnerabilities": [
{
"vulnerability_id": "API1:2023 Broken Object Level Authorization",
"name": "Broken Object Level Authorization",
"severity": "High",
"description": "API endpoints are vulnerable to broken object level authorization. Attackers can access objects belonging to other users by manipulating object IDs.",
"owasp_category": "OWASP API Security Top 10",
"cwe_id": "CWE-285",
"affected_endpoint": "/users/{user_id}",
"http_method": "GET",
"parameter": "user_id",
"payload": "98765",
"evidence": "Returned user data for user_id 98765 when authenticated as user_id 12345.",
"remediation": "Enforce object-level authorization on every request that takes an object identifier: resolve the caller's identity from the authenticated session or token (never from client-supplied fields) and verify that the caller owns or is permitted to access the requested user_id before returning any data. Prefer random, non-sequential identifiers (e.g. UUIDs) to make enumeration harder, but treat this only as defense in depth, not as a substitute for the authorization check. Note that parameterized queries mitigate SQL injection, not authorization bypass, and do not address this issue. Consider centralizing the check in a Role-Based Access Control (RBAC) or policy layer so individual endpoints cannot skip it.",
"references": [
"https://owasp.org/API-Security/editions/2023/en/0xa1-broken-object-level-authorization/",
"https://cwe.mitre.org/data/definitions/285.html"
],
"status": "open"
},
{
"vulnerability_id": "API4:2023 Unrestricted Resource Consumption",
"name": "Unrestricted Resource Consumption",
"severity": "Medium",
"description": "API is vulnerable to unrestricted resource consumption. Attackers can exhaust server resources by sending a large number of requests or large payloads.",
"owasp_category": "OWASP API Security Top 10",
"cwe_id": "CWE-400",
"affected_endpoint": "/search",
"http_method": "POST",
"parameter": "query",
"payload": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA",
"evidence": "Repeated requests carrying the oversized query payload were all accepted (no HTTP 429 or payload-size rejection was observed) and server response time increased significantly for the duration of the test.",
"remediation": "Enforce a maximum request body size and a maximum length for the query parameter, apply per-client/per-token rate limiting and concurrency limits, paginate results with a bounded page size, and set execution timeouts on search operations. A CDN or WAF in front of the API can absorb volumetric traffic, but caching static content does not protect a dynamic POST endpoint such as /search.",
"references": [
"https://owasp.org/API-Security/editions/2023/en/0xa4-unrestricted-resource-consumption/",
"https://cwe.mitre.org/data/definitions/400.html"
],
"status": "open"
},
{
"_comment": "Example of a low severity issue",
"vulnerability_id": "API9:2023 Improper Inventory Management",
"name": "Improper Inventory Management",
"severity": "Low",
"description": "API lacks proper inventory management of its hosts and endpoints: a debug endpoint is exposed in the production environment and is reachable without authentication.",
"owasp_category": "OWASP API Security Top 10",
"cwe_id": "CWE-489",
"affected_endpoint": "/debug/healthcheck",
"http_method": "GET",
"parameter": null,
"payload": null,
"evidence": "Debug endpoint /debug/healthcheck is accessible without authentication in production.",
"remediation": "Disable or remove debug endpoints from the production environment, and require authentication and authorization for any health or diagnostic endpoint that must remain reachable. Maintain an inventory of all API hosts, versions and environments so that non-production or deprecated endpoints cannot reach production unnoticed.",
"references": [
"https://owasp.org/API-Security/editions/2023/en/0xa9-improper-inventory-management/",
"https://cwe.mitre.org/data/definitions/489.html"
],
"status": "open"
}
],
"scan_summary": {
"total_vulnerabilities": 3,
"high_severity": 1,
"medium_severity": 1,
"low_severity": 1,
"info_severity": 0
}
}