Share
## https://sploitus.com/exploit?id=F4BD4B0E-A60A-5F06-AC37-ACEA6493805B
# ๐ Phoenix SCA Scanner - Universal - Version for CVE-2025-55182-CVE-2025-66478 React and Nexus Vulnerability
A comprehensive, extensible vulnerability detection system for multiple package ecosystems with Phoenix Security platform integration.
## ๐ฏ Features
- โ
**Multi-Ecosystem Support** - NPM (with extensibility for PyPI, Ruby Gems, etc.)
- โ
**Intelligent Version Matching** - Semver parsing with range-based detection
- โ
**React Server Components (RSC) Detection** - Specialized detection for RSC vulnerabilities
- โ
**Lockfile Support** - Parses package-lock.json, yarn.lock, pnpm-lock.yaml
- โ
**Phoenix Integration** - Upload findings to Phoenix Security platform
- โ
**Comprehensive Testing** - Sample vulnerable packages for validation
- โ
**JSON/Text Reports** - Flexible output formats
- โ
**CLI Interface** - Easy-to-use command-line tool
## ๐ฆ Installation
```bash
# Install dependencies
pip install -r requirements.txt
# Run from project root
python -m universal_vulnerability_scanner.main --help
```
## ๐ Quick Start
### 1. Scan a Project
```bash
# Basic scan
python -m universal_vulnerability_scanner.main scan /path/to/project
# With JSON output
python -m universal_vulnerability_scanner.main scan /path/to/project --json --output results.json
# Quiet mode (only show summary)
python -m universal_vulnerability_scanner.main scan /path/to/project --quiet
```
### 2. Upload to Phoenix Security
```bash
# Create Phoenix configuration template
python -m universal_vulnerability_scanner.main create-config
# Edit .phoenix.config with your credentials
# Then scan and upload
python -m universal_vulnerability_scanner.main scan /path/to/project --upload-phoenix
```
### 3. Run Tests
```bash
# Test with included vulnerable samples
python -m universal_vulnerability_scanner.main test
```
## ๐ Vulnerability Database
The scanner uses a JSON-based vulnerability database located at:
```
universal_vulnerability_scanner/data/vulnerability_database.json
```
### Supported Vulnerabilities
#### React Server Components (RSC)
- **react-server-dom-webpack** - Versions: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- **react-server-dom-parcel** - Versions: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- **react-server-dom-turbopack** - Versions: 19.0.0, 19.1.0, 19.1.1, 19.2.0
#### React Core
- **react** - Vulnerable ranges: [19.0.0, 19.0.1), [19.1.0, 19.1.2), [19.2.0, 19.2.1)
- **react-dom** - Same vulnerable ranges as react
#### Next.js
- **next** - Vulnerable ranges: [15.0.0, 15.0.5), [16.0.0, 16.0.7)
### Database Format
```json
{
"metadata": {
"version": "1.0.0",
"last_update": "2025-12-04",
"ecosystems": ["npm"]
},
"vulnerabilities": {
"npm": {
"package-name": {
"exact_versions": ["1.0.0", "1.0.1"],
"vulnerable_ranges": [
{"min": "1.0.0", "max": "1.0.2", "severity": "CRITICAL"}
],
"safe_versions": ["1.0.2+"],
"cve_ids": ["CVE-2025-XXXX"],
"description": "Vulnerability description",
"references": ["https://..."]
}
}
}
}
```
## ๐ง Configuration
### Phoenix Security Integration
Create `.phoenix.config`:
```ini
[phoenix]
client_id = your_client_id_here
client_secret = your_client_secret_here
api_base_url = https://api.securityphoenix.cloud
assessment_name = Universal Vulnerability Scanner - RSC Detection
import_type = new
```
Or use environment variables:
```bash
export PHOENIX_CLIENT_ID="your_client_id"
export PHOENIX_CLIENT_SECRET="your_client_secret"
export PHOENIX_API_URL="https://api.securityphoenix.cloud"
```
## ๐ Output Formats
### Text Report
```
================================================================================
UNIVERSAL VULNERABILITY SCANNER REPORT
================================================================================
Scan completed: 2025-12-04 10:30:00
SUMMARY:
----------------------------------------
Total findings: 12
VULNERABLE: 3
SAFE: 2
CLEAN: 5
REVIEW: 2
๐จ VULNERABLE PACKAGES DETECTED
================================================================================
1. react-server-dom-webpack@19.0.0
File: /path/to/project/package.json
Reason: Exact match with known vulnerable version 19.0.0
โ
Safe version: 18.99.99
CVE: CVE-2025-RSC-001
```
### JSON Report
```json
[
{
"path": "/path/to/project/package.json",
"kind": "package.json",
"package": "react-server-dom-webpack",
"version": "19.0.0",
"verdict": "VULNERABLE",
"reason": "Exact match with known vulnerable version 19.0.0",
"severity": "CRITICAL",
"vulnerable_versions": ["19.0.0", "19.1.0", "19.1.1", "19.2.0"],
"safe_version": "18.99.99",
"cve_ids": ["CVE-2025-RSC-001"],
"timestamp": "2025-12-04T10:30:00"
}
]
```
## ๐งช Test Samples
The scanner includes comprehensive test samples in `test_samples/`:
| Test Case | Description | Expected Results |
|-----------|-------------|------------------|
| `rsc_vulnerable_exact/` | Exact vulnerable versions | 4 VULNERABLE |
| `rsc_vulnerable_range/` | Version ranges | 4 VULNERABLE |
| `rsc_safe_versions/` | Patched safe versions | 6 SAFE |
| `rsc_mixed/` | Mix of vulnerable/safe/clean | 2 VULNERABLE, 1 SAFE, 4 CLEAN |
| `rsc_with_lockfile/` | Lockfile parsing | 2 VULNERABLE, 1 CLEAN |
Run tests:
```bash
python -m universal_vulnerability_scanner.main test
```
## ๐๏ธ Architecture
```
universal_vulnerability_scanner/
โโโ core/
โ โโโ version_parser.py # Semver parsing & comparison
โโโ models/
โ โโโ finding.py # Finding data model
โ โโโ vulnerability.py # Vulnerability database model
โโโ scanners/
โ โโโ base_scanner.py # Abstract scanner interface
โ โโโ npm_scanner.py # NPM ecosystem scanner
โโโ integrations/
โ โโโ phoenix_uploader.py # Phoenix API client
โโโ data/
โ โโโ vulnerability_database.json # Vulnerability definitions
โโโ test_samples/ # Test cases
โโโ main.py # CLI entry point
```
## ๐ Security Considerations
1. **No False Negatives**: Scanner errs on the side of caution
2. **Version Normalization**: Handles NPM version specifiers (^, ~, =)
3. **Range Detection**: Detects vulnerabilities within version ranges
4. **Lockfile Priority**: Prefers resolved versions from lockfiles
5. **Safe Version Recommendations**: Suggests upgrade paths
## ๐ Extending the Scanner
### Adding New Ecosystems
1. Create new scanner in `scanners/` inheriting from `BaseScanner`
2. Implement ecosystem-specific parsing
3. Add vulnerabilities to database under new ecosystem key
Example:
```python
from .base_scanner import BaseScanner
class PyPIScanner(BaseScanner):
def _get_ecosystem(self) -> str:
return "pypi"
def scan_path(self, root: Path) -> List[Finding]:
# Implement PyPI scanning logic
pass
```
### Adding New Vulnerabilities
Edit `data/vulnerability_database.json`:
```json
{
"npm": {
"new-vulnerable-package": {
"exact_versions": ["1.0.0"],
"vulnerable_ranges": [{"min": "1.0.0", "max": "1.0.5", "severity": "HIGH"}],
"safe_versions": ["1.0.5+"],
"cve_ids": ["CVE-2025-XXXX"],
"description": "Vulnerability description"
}
}
}
```
## ๐ Exit Codes
- `0` - Scan successful, no vulnerabilities found
- `1` - Scan successful, vulnerabilities found
- `2` - Scan failed (invalid input, database error, etc.)
## ๐ค Integration with Existing Systems
### Phoenix Security Platform
Automatically uploads findings to Phoenix with:
- Asset creation per scanned repository
- Vulnerability findings with CVSS scoring
- Tags for categorization
- CVE references
### CI/CD Pipeline
```yaml
# Example GitHub Actions
- name: Vulnerability Scan
run: |
python -m universal_vulnerability_scanner.main scan . --json --output scan-results.json
- name: Upload to Phoenix
if: always()
run: |
python -m universal_vulnerability_scanner.main scan . --upload-phoenix
```
## ๐ Changelog
### v1.0.0 (2025-12-04)
- Initial release
- NPM scanner with lockfile support
- React Server Components vulnerability detection
- Phoenix Security integration
- Comprehensive test suite
## ๐ Acknowledgments
- Semver parsing adapted from `react/rsc_exposure_scanner.py`
- Phoenix integration adapted from `enhanced_npm_compromise_detector_phoenix.py`
- Built for comprehensive supply chain security
## ๐ License
Part of the Shai Halud security toolkit.
---
**๐ Stay secure! Report vulnerabilities responsibly.**