mschwager / route-detect

Find authentication (authn) and authorization (authz) security bugs in web application routes.
BSD 3-Clause "New" or "Revised" License
246 stars 16 forks source link

Add file export feature #13

Open Gby56 opened 1 year ago

Gby56 commented 1 year ago

(sorry for the many issues/ideas, love the tool!) It would be nice if we could export some filtered/boiled-down list of extracted APIs. The idea is to put the file in git to detect changes in APIs detected over time, flag new attack surfaces. The Semgrep JSON file is not quite great for that, since it will have variance from simple stuff (line numbers, col, offset of findings, even the lines)

Something like that:

filepath,function,returntype,method,path,authN,authZ
src/somecontroller.java,getUsers,Users,GET,/users,true,true
src/somecontroller.java,getUserById,getUserById,GET,/users/{id},true,false

That way, the file would only change for added/removed paths, or slight changes