kiA ddZddggdddgddgdd gd d ggd gd gdgdgdgdd ZdZdZdS)zr Centralized suggestion/remediation mapping for security findings. Each finding keyword maps to helpful guidance. z+Add HSTS header to force HTTPS connections.zGExample: Strict-Transport-Security: max-age=31536000; includeSubDomains)z3Implement CSP to prevent XSS and injection attacks.z>Start with a restrictive policy and gradually relax as needed.zWExample: Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'z4Set X-Frame-Options to prevent clickjacking attacks.z6Recommended value: X-Frame-Options: DENY or SAMEORIGINzBAdd X-Content-Type-Options: nosniff to prevent MIME type sniffing.z8This forces browsers to respect the Content-Type header.z@Set Referrer-Policy to control how much referrer info is shared.z=Recommended: Referrer-Policy: strict-origin-when-cross-originzUAdd X-Frame-Options header or Content-Security-Policy with frame-ancestors directive.zHThis prevents your site from being embedded in iframes on other domains.)z>Sanitize and validate all user input before rendering to HTML.zCUse context-aware output encoding (HTML, JavaScript, URL encoding).zReview robots.txt to ensure sensitive paths are not disclosed.z?Consider removing sensitive path hints (e.g., /admin, /backup).zCUse authentication and proper access controls instead of obscurity.)z>Remove hardcoded API keys, secrets, and credentials from code.z?Use environment variables or secure secret management services.zKScan code repositories regularly with tools like git-secrets or truffleHog.) z)Missing Header: Strict-Transport-Securityz'Missing Header: Content-Security-PolicyzMissing Header: X-Frame-Optionsz&Missing Header: X-Content-Type-OptionszMissing Header: Referrer-Policyz5VULNERABILITY: Site may be vulnerable to Clickjackingz"VULNERABILITY: Reflected XSS foundz%VULNERABILITY: DOM-based XSS detectedOUTDATEDzBroken Link FoundzHrobots.txt contains disallowed paths that may expose sensitive endpointszPotential sensitive data foundcTtD] \}}||vr|cSgS)zs Return a list of suggestions for a given finding. Searches for matching keywords in the finding text. ) SUGGESTIONSitems) finding_textkeywordsuggestions_lists //home/asher/public_html/security/suggestions.pyget_suggestionsr @sF &1%6%6%8%8$$!! l " "# # # # # Ict|}|r:tdt|dD]\}}td|d|dSdS)z= Print suggestions for a finding in a formatted way. u 📋 SUGGESTIONS:z z. N)r print enumerate)r suggestionsi suggestions r print_suggestionsrJs{",//K, #$$$&{A66 , ,MAz ***j** + + + +,, , ,r N)__doc__rr rr r rs 6Q2000 ?@( MB/ KG( `R>+++ ...   QQQ '''g88 t,,,,,r