Security vulnerabilities and threat modeling in ApiShield.
This document covers the security audit findings for ApiShield, including identified vulnerabilities and their risk assessments.
| Risk Level | Issue | Description | Location |
|---|---|---|---|
| Medium | ReDoS | Glob-to-regex conversion for path ignoring can be exploited with malicious patterns | lib/config.js |
| Low/Info | SSRF | scanLiveURL fetches arbitrary user-provided URLs | lib/parsers/live.js |
| Low | Incomplete Auth Detection | Static parsers only look for standard headers like Authorization or X-API-Key | lib/parsers/har.js, postman.js |
ReDoS in glob-to-regex path ignoring (lib/config.js)
Risk Level: Medium
The glob-to-regex conversion used for path ignoring can be exploited with crafted patterns whose generated regular expression backtracks catastrophically. A scan that applies such a pattern from untrusted configuration input can hang.
Mitigation: Replace manual regex generation with a robust library like minimatch.
SSRF in scanLiveURL (lib/parsers/live.js)
Risk Level: Low/Info
The scanLiveURL function in lib/parsers/live.js fetches arbitrary user-provided URLs. In a hosted environment, this could be abused to probe internal networks.
Mitigation: Implement URL allowlisting and/or SSRF protection middleware for hosted deployments.
Incomplete auth detection in static parsers (lib/parsers/har.js, postman.js)
Risk Level: Low
The static parsers only detect standard authorization headers (Authorization, X-API-Key), so requests that use custom authentication schemes may be missed by the security analysis.
Mitigation: Allow user-configurable header patterns for auth detection.
ApiShield maps findings to the STRIDE threat model.
The threat model reporter also maps findings to the OWASP API Security Top 10, providing actionable security insights aligned with industry standards.