mockforge_bench/owasp_api/mod.rs
1//! OWASP API Security Top 10 (2023) Testing Module
2//!
3//! This module provides automated security testing based on the
4//! OWASP API Security Top 10 (2023) categories:
5//!
6//! - **API1**: Broken Object Level Authorization (BOLA)
7//! - **API2**: Broken Authentication
8//! - **API3**: Broken Object Property Level Authorization
9//! - **API4**: Unrestricted Resource Consumption
10//! - **API5**: Broken Function Level Authorization
11//! - **API6**: Unrestricted Access to Sensitive Business Flows
12//! - **API7**: Server Side Request Forgery (SSRF)
13//! - **API8**: Security Misconfiguration
14//! - **API9**: Improper Inventory Management
15//! - **API10**: Unsafe Consumption of APIs
16//!
17//! # Usage
18//!
//! ```bash
//! # Full OWASP API Top 10 scan
//! mockforge bench --spec api.yaml --target https://api.example.com \
//!     --owasp-api-top10 \
//!     --owasp-auth-header "Authorization"
//!
//! # Specific categories only
//! mockforge bench --spec api.yaml --target https://api.example.com \
//!     --owasp-api-top10 \
//!     --owasp-categories "api1,api2,api7"
//! ```
30//!
31//! # Example
32//!
//! ```ignore
//! use mockforge_bench::owasp_api::{OwaspApiConfig, OwaspApiGenerator, OwaspCategory};
//!
//! // `spec` is the API specification loaded from `--spec`.
//! let config = OwaspApiConfig::new()
//!     .with_categories([OwaspCategory::Api1Bola, OwaspCategory::Api7Ssrf])
//!     .with_auth_header("X-Auth-Token")
//!     // Placeholder credential; load the real token from the environment or a secret store.
//!     .with_valid_auth_token("Bearer secret123");
//!
//! // Generate the k6 test script
//! let generator = OwaspApiGenerator::new(config, &spec);
//! let script = generator.generate()?;
//! ```
45
// Category enumeration (`OwaspCategory`) and finding severity levels (`Severity`).
pub mod categories;
// Scan configuration: the `OwaspApiConfig` builder plus its auth, discovery,
// rate-limit, SSRF and report-format settings.
pub mod config;
// `OwaspApiGenerator`: builds the k6 test script from a config and an API spec.
pub mod generator;
// Test payloads and the generator that produces them per category.
pub mod payloads;
// Scan output: individual findings, summary and scan metadata.
pub mod report;
// Response validators that turn observed behaviour into `ValidationResult`s.
pub mod validators;

// Re-export commonly used types so callers can import them from
// `mockforge_bench::owasp_api` without naming the submodules.
pub use categories::{OwaspCategory, Severity};
pub use config::{
    AuthToken, DiscoveryConfig, OwaspApiConfig, RateLimitConfig, ReportFormat, SsrfConfig,
};
pub use generator::OwaspApiGenerator;
pub use payloads::{OwaspPayload, OwaspPayloadGenerator};
pub use report::{OwaspFinding, OwaspReport, OwaspScanInfo, OwaspSummary};
pub use validators::{OwaspValidator, ValidationResult};