Title: Add a typo3 security vulnerability scanner · Issue #568 · secureCodeBox/secureCodeBox · GitHub

Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/issues/568

Author: rfelber (https://github.com/rfelber)

Date published: 2021-07-30T11:06:36.000Z

Comments: 1

Issue body:

## 🚓 New Scanner implementation request

### Is your feature request related to a problem
As a security analyst I would like to use the secureCodeBox to check my external attack surface. Especially CMS systems like WordPress or Typo3 are common systems that may introduce new vulnerabilities on a regular basis.

The blog post of @JavanXD https://javan.de/securing-typo3-cms-new-security-scanner/ also motivates this topic.

### Describe the solution you'd like
Since the secureCodeBox already supports the WordPress scanner WPScan it would be great to also add at least one Typo3 scanner.
There are two candidates (referring to the blog post):
- https://github.com/JavanXD/Typo3AccessChecker – Check if Typo3 security guidelines are followed.
- https://github.com/whoot/Typo3Scan – Typo3 Enumerator: Enumerates extensions to gain information about outdated and

### Describe alternatives you've considered

### Additional context
- https://javan.de/securing-typo3-cms-new-security-scanner/
- https://github.com/JavanXD/Typo3AccessChecker – Check if Typo3 security guidelines are followed.
- https://github.com/whoot/Typo3Scan – Typo3 Enumerator: Enumerates extensions to gain information about outdated and vulnerable extensions.

## Steps to implement a new scanner
Hint: A general guide on how to implement a new SCB scanner is documented [here](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner)

- [x] Create a new folder with the name of the [scanner here](https://github.com/secureCodeBox/secureCodeBox/tree/master/scanners)
- [x] Add a `README.gotmpl` and give a [brief overview](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/readme) of the scanner and its configuration options.
- [x] Add a HelmChart and document all configuration options.
- [x] Implement a new scanner specific `scan-type.yaml`
- [x] Implement a new scanner specific `parse-definition.yaml`
- [x] Add (optional) some `cascading-rules.yaml` like documented [here](https://docs.securecodebox.io/docs/api/crds/cascading-rule)
- [x] Add (optional) a `Dockerfile` for the scanner if there is no existing one publicly available on dockerHub
- [x] Use the [parser-SDK](https://github.com/secureCodeBox/secureCodeBox/tree/master/parser-sdk) to implement a new findings parser (currently based on NodeJS)
- [x] Add unit tests with at minimum 80% test coverage
- [x] Add some example `scan.yaml` and `finding.yaml` files in the [example folder](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/examples-dir)
- [x] Implement a [new integration or E2E test](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/integration-tests) for the hook [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/tests/integration)

Links:

Ilyesbdlala: https://github.com/Ilyesbdlala
Label "good first issue" (Good for newcomers): https://github.com/secureCodeBox/secureCodeBox/issues?q=state%3Aopen%20label%3A%22good%20first%20issue%22
Label "scanner" (Implement or update a security scanner): https://github.com/secureCodeBox/secureCodeBox/issues?q=state%3Aopen%20label%3A%22scanner%22
Milestone v3.1.0: https://github.com/secureCodeBox/secureCodeBox/milestone/10
rfelber: https://github.com/rfelber
rfelber on Jul 30, 2021: https://github.com/secureCodeBox/secureCodeBox/issues/568#issue-956645747