Share
## https://sploitus.com/exploit?id=F4BD4B0E-A60A-5F06-AC37-ACEA6493805B
# ๐Ÿ” Phoenix SCA Scanner - Universal - Version for CVE-2025-55182-CVE-2025-66478 React and Nexus Vulnerability 

A comprehensive, extensible vulnerability detection system for multiple package ecosystems with Phoenix Security platform integration.

## ๐ŸŽฏ Features

- โœ… **Multi-Ecosystem Support** - NPM (with extensibility for PyPI, Ruby Gems, etc.)
- โœ… **Intelligent Version Matching** - Semver parsing with range-based detection
- โœ… **React Server Components (RSC) Detection** - Specialized detection for RSC vulnerabilities
- โœ… **Lockfile Support** - Parses package-lock.json, yarn.lock, pnpm-lock.yaml
- โœ… **Phoenix Integration** - Upload findings to Phoenix Security platform
- โœ… **Comprehensive Testing** - Sample vulnerable packages for validation
- โœ… **JSON/Text Reports** - Flexible output formats
- โœ… **CLI Interface** - Easy-to-use command-line tool

## ๐Ÿ“ฆ Installation

```bash
# Install dependencies
pip install -r requirements.txt

# Run from project root
python -m universal_vulnerability_scanner.main --help
```

## ๐Ÿš€ Quick Start

### 1. Scan a Project

```bash
# Basic scan
python -m universal_vulnerability_scanner.main scan /path/to/project

# With JSON output
python -m universal_vulnerability_scanner.main scan /path/to/project --json --output results.json

# Quiet mode (only show summary)
python -m universal_vulnerability_scanner.main scan /path/to/project --quiet
```

### 2. Upload to Phoenix Security

```bash
# Create Phoenix configuration template
python -m universal_vulnerability_scanner.main create-config

# Edit .phoenix.config with your credentials
# Then scan and upload
python -m universal_vulnerability_scanner.main scan /path/to/project --upload-phoenix
```

### 3. Run Tests

```bash
# Test with included vulnerable samples
python -m universal_vulnerability_scanner.main test
```

## ๐Ÿ“‹ Vulnerability Database

The scanner uses a JSON-based vulnerability database located at:
```
universal_vulnerability_scanner/data/vulnerability_database.json
```

### Supported Vulnerabilities

#### React Server Components (RSC)
- **react-server-dom-webpack** - Versions: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- **react-server-dom-parcel** - Versions: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- **react-server-dom-turbopack** - Versions: 19.0.0, 19.1.0, 19.1.1, 19.2.0

#### React Core
- **react** - Vulnerable ranges: [19.0.0, 19.0.1), [19.1.0, 19.1.2), [19.2.0, 19.2.1)
- **react-dom** - Same vulnerable ranges as react

#### Next.js
- **next** - Vulnerable ranges: [15.0.0, 15.0.5), [16.0.0, 16.0.7)

### Database Format

```json
{
  "metadata": {
    "version": "1.0.0",
    "last_update": "2025-12-04",
    "ecosystems": ["npm"]
  },
  "vulnerabilities": {
    "npm": {
      "package-name": {
        "exact_versions": ["1.0.0", "1.0.1"],
        "vulnerable_ranges": [
          {"min": "1.0.0", "max": "1.0.2", "severity": "CRITICAL"}
        ],
        "safe_versions": ["1.0.2+"],
        "cve_ids": ["CVE-2025-XXXX"],
        "description": "Vulnerability description",
        "references": ["https://..."]
      }
    }
  }
}
```

## ๐Ÿ”ง Configuration

### Phoenix Security Integration

Create `.phoenix.config`:

```ini
[phoenix]
client_id = your_client_id_here
client_secret = your_client_secret_here
api_base_url = https://api.securityphoenix.cloud
assessment_name = Universal Vulnerability Scanner - RSC Detection
import_type = new
```

Or use environment variables:
```bash
export PHOENIX_CLIENT_ID="your_client_id"
export PHOENIX_CLIENT_SECRET="your_client_secret"
export PHOENIX_API_URL="https://api.securityphoenix.cloud"
```

## ๐Ÿ“Š Output Formats

### Text Report

```
================================================================================
UNIVERSAL VULNERABILITY SCANNER REPORT
================================================================================
Scan completed: 2025-12-04 10:30:00

SUMMARY:
----------------------------------------
Total findings: 12
  VULNERABLE:  3
  SAFE:        2
  CLEAN:       5
  REVIEW:      2

๐Ÿšจ VULNERABLE PACKAGES DETECTED
================================================================================

1. react-server-dom-webpack@19.0.0
   File: /path/to/project/package.json
   Reason: Exact match with known vulnerable version 19.0.0
   โœ… Safe version: 18.99.99
   CVE: CVE-2025-RSC-001
```

### JSON Report

```json
[
  {
    "path": "/path/to/project/package.json",
    "kind": "package.json",
    "package": "react-server-dom-webpack",
    "version": "19.0.0",
    "verdict": "VULNERABLE",
    "reason": "Exact match with known vulnerable version 19.0.0",
    "severity": "CRITICAL",
    "vulnerable_versions": ["19.0.0", "19.1.0", "19.1.1", "19.2.0"],
    "safe_version": "18.99.99",
    "cve_ids": ["CVE-2025-RSC-001"],
    "timestamp": "2025-12-04T10:30:00"
  }
]
```

## ๐Ÿงช Test Samples

The scanner includes comprehensive test samples in `test_samples/`:

| Test Case | Description | Expected Results |
|-----------|-------------|------------------|
| `rsc_vulnerable_exact/` | Exact vulnerable versions | 4 VULNERABLE |
| `rsc_vulnerable_range/` | Version ranges | 4 VULNERABLE |
| `rsc_safe_versions/` | Patched safe versions | 6 SAFE |
| `rsc_mixed/` | Mix of vulnerable/safe/clean | 2 VULNERABLE, 1 SAFE, 4 CLEAN |
| `rsc_with_lockfile/` | Lockfile parsing | 2 VULNERABLE, 1 CLEAN |

Run tests:
```bash
python -m universal_vulnerability_scanner.main test
```

## ๐Ÿ—๏ธ Architecture

```
universal_vulnerability_scanner/
โ”œโ”€โ”€ core/
โ”‚   โ””โ”€โ”€ version_parser.py       # Semver parsing & comparison
โ”œโ”€โ”€ models/
โ”‚   โ”œโ”€โ”€ finding.py              # Finding data model
โ”‚   โ””โ”€โ”€ vulnerability.py        # Vulnerability database model
โ”œโ”€โ”€ scanners/
โ”‚   โ”œโ”€โ”€ base_scanner.py         # Abstract scanner interface
โ”‚   โ””โ”€โ”€ npm_scanner.py          # NPM ecosystem scanner
โ”œโ”€โ”€ integrations/
โ”‚   โ””โ”€โ”€ phoenix_uploader.py     # Phoenix API client
โ”œโ”€โ”€ data/
โ”‚   โ””โ”€โ”€ vulnerability_database.json  # Vulnerability definitions
โ”œโ”€โ”€ test_samples/               # Test cases
โ””โ”€โ”€ main.py                     # CLI entry point
```

## ๐Ÿ” Security Considerations

1. **No False Negatives**: Scanner errs on the side of caution
2. **Version Normalization**: Handles NPM version specifiers (^, ~, =)
3. **Range Detection**: Detects vulnerabilities within version ranges
4. **Lockfile Priority**: Prefers resolved versions from lockfiles
5. **Safe Version Recommendations**: Suggests upgrade paths

## ๐Ÿš€ Extending the Scanner

### Adding New Ecosystems

1. Create new scanner in `scanners/` inheriting from `BaseScanner`
2. Implement ecosystem-specific parsing
3. Add vulnerabilities to database under new ecosystem key

Example:
```python
from .base_scanner import BaseScanner

class PyPIScanner(BaseScanner):
    def _get_ecosystem(self) -> str:
        return "pypi"
    
    def scan_path(self, root: Path) -> List[Finding]:
        # Implement PyPI scanning logic
        pass
```

### Adding New Vulnerabilities

Edit `data/vulnerability_database.json`:
```json
{
  "npm": {
    "new-vulnerable-package": {
      "exact_versions": ["1.0.0"],
      "vulnerable_ranges": [{"min": "1.0.0", "max": "1.0.5", "severity": "HIGH"}],
      "safe_versions": ["1.0.5+"],
      "cve_ids": ["CVE-2025-XXXX"],
      "description": "Vulnerability description"
    }
  }
}
```

## ๐Ÿ“ˆ Exit Codes

- `0` - Scan successful, no vulnerabilities found
- `1` - Scan successful, vulnerabilities found
- `2` - Scan failed (invalid input, database error, etc.)

## ๐Ÿค Integration with Existing Systems

### Phoenix Security Platform

Automatically uploads findings to Phoenix with:
- Asset creation per scanned repository
- Vulnerability findings with CVSS scoring
- Tags for categorization
- CVE references

### CI/CD Pipeline

```yaml
# Example GitHub Actions
- name: Vulnerability Scan
  run: |
    python -m universal_vulnerability_scanner.main scan . --json --output scan-results.json
    
- name: Upload to Phoenix
  if: always()
  run: |
    python -m universal_vulnerability_scanner.main scan . --upload-phoenix
```

## ๐Ÿ“ Changelog

### v1.0.0 (2025-12-04)
- Initial release
- NPM scanner with lockfile support
- React Server Components vulnerability detection
- Phoenix Security integration
- Comprehensive test suite

## ๐Ÿ™ Acknowledgments

- Semver parsing adapted from `react/rsc_exposure_scanner.py`
- Phoenix integration adapted from `enhanced_npm_compromise_detector_phoenix.py`
- Built for comprehensive supply chain security

## ๐Ÿ“„ License

Part of the Shai Halud security toolkit.

---

**๐Ÿ” Stay secure! Report vulnerabilities responsibly.**