Michael Schiemer
55a330b223
- Add DISCOVERY_LOG_LEVEL=debug - Add DISCOVERY_SHOW_PROGRESS=true - Temporary changes for debugging InitializerProcessor fixes on production
152 lines
3.6 KiB
PHP
152 lines
3.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Framework\Waf;
|
|
|
|
/**
|
|
* Severity levels for WAF detections
|
|
* Based on OWASP and CVSS severity classifications
|
|
*/
|
|
enum DetectionSeverity: string
|
|
{
|
|
case INFO = 'info';
|
|
case LOW = 'low';
|
|
case MEDIUM = 'medium';
|
|
case HIGH = 'high';
|
|
case CRITICAL = 'critical';
|
|
|
|
/**
|
|
* Get numeric severity score (0-100)
|
|
*/
|
|
public function getScore(): int
|
|
{
|
|
return match ($this) {
|
|
self::INFO => 10,
|
|
self::LOW => 25,
|
|
self::MEDIUM => 50,
|
|
self::HIGH => 75,
|
|
self::CRITICAL => 100
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Get CVSS-like severity score (0.0-10.0)
|
|
*/
|
|
public function getCvssScore(): float
|
|
{
|
|
return match ($this) {
|
|
self::INFO => 0.1,
|
|
self::LOW => 2.5,
|
|
self::MEDIUM => 5.0,
|
|
self::HIGH => 7.5,
|
|
self::CRITICAL => 10.0
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Check if this severity is higher than another
|
|
*/
|
|
public function isHigherThan(self $other): bool
|
|
{
|
|
return $this->getScore() > $other->getScore();
|
|
}
|
|
|
|
/**
|
|
* Check if this severity is lower than another
|
|
*/
|
|
public function isLowerThan(self $other): bool
|
|
{
|
|
return $this->getScore() < $other->getScore();
|
|
}
|
|
|
|
/**
|
|
* Check if this severity requires immediate action
|
|
*/
|
|
public function requiresImmediateAction(): bool
|
|
{
|
|
return match ($this) {
|
|
self::HIGH, self::CRITICAL => true,
|
|
default => false
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Check if this severity should trigger blocking
|
|
*/
|
|
public function shouldBlock(): bool
|
|
{
|
|
return match ($this) {
|
|
self::MEDIUM, self::HIGH, self::CRITICAL => true,
|
|
default => false
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Check if this severity should trigger alerting
|
|
*/
|
|
public function shouldAlert(): bool
|
|
{
|
|
return match ($this) {
|
|
self::HIGH, self::CRITICAL => true,
|
|
default => false
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Get human-readable description
|
|
*/
|
|
public function getDescription(): string
|
|
{
|
|
return match ($this) {
|
|
self::INFO => 'Informational - No immediate risk',
|
|
self::LOW => 'Low severity - Minimal risk',
|
|
self::MEDIUM => 'Medium severity - Moderate risk',
|
|
self::HIGH => 'High severity - Significant risk',
|
|
self::CRITICAL => 'Critical severity - Immediate risk'
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Get recommended response action
|
|
*/
|
|
public function getRecommendedAction(): string
|
|
{
|
|
return match ($this) {
|
|
self::INFO => 'Log for monitoring',
|
|
self::LOW => 'Log and monitor',
|
|
self::MEDIUM => 'Block and log',
|
|
self::HIGH => 'Block, log, and alert',
|
|
self::CRITICAL => 'Block, log, alert, and ban IP'
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Create from numeric score
|
|
*/
|
|
public static function fromScore(int $score): self
|
|
{
|
|
return match (true) {
|
|
$score >= 90 => self::CRITICAL,
|
|
$score >= 70 => self::HIGH,
|
|
$score >= 40 => self::MEDIUM,
|
|
$score >= 15 => self::LOW,
|
|
default => self::INFO
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Create from CVSS score
|
|
*/
|
|
public static function fromCvss(float $score): self
|
|
{
|
|
return match (true) {
|
|
$score >= 9.0 => self::CRITICAL,
|
|
$score >= 7.0 => self::HIGH,
|
|
$score >= 4.0 => self::MEDIUM,
|
|
$score >= 1.0 => self::LOW,
|
|
default => self::INFO
|
|
};
|
|
}
|
|
}
|