vrt 0.11.0 → 0.12.2

@@ -0,0 +1,664 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "cwe": ["CWE-16"],
9
+ "children": [
10
+ {
11
+ "id": "server_side_request_forgery_ssrf",
12
+ "cwe": ["CWE-918", "CWE-441"]
13
+ },
14
+ {
15
+ "id": "unsafe_cross_origin_resource_sharing",
16
+ "cwe": ["CWE-942"]
17
+ },
18
+ {
19
+ "id": "request_smuggling",
20
+ "cwe": ["CWE-444"]
21
+ },
22
+ {
23
+ "id": "path_traversal",
24
+ "cwe": ["CWE-22", "CWE-73"]
25
+ },
26
+ {
27
+ "id": "directory_listing_enabled",
28
+ "cwe": ["CWE-548"]
29
+ },
30
+ {
31
+ "id": "ssl_attack_breach_poodle_etc",
32
+ "cwe": ["CWE-310"]
33
+ },
34
+ {
35
+ "id": "using_default_credentials",
36
+ "cwe": ["CWE-255", "CWE-521"]
37
+ },
38
+ {
39
+ "id": "misconfigured_dns",
40
+ "children": [
41
+ {
42
+ "id": "zone_transfer",
43
+ "cwe": ["CWE-669"]
44
+ }
45
+ ]
46
+ },
47
+ {
48
+ "id": "dbms_misconfiguration",
49
+ "children": [
50
+ {
51
+ "id": "excessively_privileged_user_dba",
52
+ "cwe": ["CWE-250"]
53
+ }
54
+ ]
55
+ },
56
+ {
57
+ "id": "lack_of_password_confirmation",
58
+ "children": [
59
+ {
60
+ "id": "change_password",
61
+ "cwe": ["CWE-620"]
62
+ }
63
+ ]
64
+ },
65
+ {
66
+ "id": "no_rate_limiting_on_form",
67
+ "cwe": ["CWE-799"],
68
+ "children": [
69
+ {
70
+ "id": "login",
71
+ "cwe": ["CWE-307"]
72
+ }
73
+ ]
74
+ },
75
+ {
76
+ "id": "unsafe_file_upload",
77
+ "children": [
78
+ {
79
+ "id": "file_extension_filter_bypass",
80
+ "cwe": ["CWE-434", "CWE-646"]
81
+ }
82
+ ]
83
+ },
84
+ {
85
+ "id": "missing_secure_or_httponly_cookie_flag",
86
+ "cwe": ["CWE-614", "CWE-1004"]
87
+ },
88
+ {
89
+ "id": "clickjacking",
90
+ "cwe": ["CWE-451"]
91
+ },
92
+ {
93
+ "id": "oauth_misconfiguration",
94
+ "cwe": ["CWE-303"],
95
+ "children": [
96
+ {
97
+ "id": "missing_state_parameter",
98
+ "cwe": ["CWE-352"]
99
+ },
100
+ {
101
+ "id": "insecure_redirect_uri",
102
+ "cwe": ["CWE-601"]
103
+ }
104
+ ]
105
+ },
106
+ {
107
+ "id": "captcha",
108
+ "cwe": ["CWE-804"]
109
+ },
110
+ {
111
+ "id": "username_enumeration",
112
+ "cwe": ["CWE-204"]
113
+ },
114
+ {
115
+ "id": "insecure_ssl",
116
+ "children": [
117
+ {
118
+ "id": "insecure_cipher_suite",
119
+ "cwe": ["CWE-326"]
120
+ }
121
+ ]
122
+ },
123
+ {
124
+ "id": "lack_of_security_headers",
125
+ "children": [
126
+ {
127
+ "id": "cache_control_for_a_non_sensitive_page",
128
+ "cwe": ["CWE-525"]
129
+ },
130
+ {
131
+ "id": "cache_control_for_a_sensitive_page",
132
+ "cwe": ["CWE-525"]
133
+ }
134
+ ]
135
+ },
136
+ {
137
+ "id": "race_condition",
138
+ "cwe": ["CWE-362", "CWE-366", "CWE-368", "CWE-421"]
139
+ },
140
+ {
141
+ "id": "cache_poisoning",
142
+ "cwe": ["CWE-444"]
143
+ }
144
+ ]
145
+ },
146
+ {
147
+ "id": "server_side_injection",
148
+ "cwe": ["CWE-929"],
149
+ "children": [
150
+ {
151
+ "id": "ldap_injection",
152
+ "cwe": ["CWE-90"]
153
+ },
154
+ {
155
+ "id": "file_inclusion",
156
+ "cwe": ["CWE-73", "CWE-714"]
157
+ },
158
+ {
159
+ "id": "remote_code_execution_rce",
160
+ "cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
161
+ },
162
+ {
163
+ "id": "sql_injection",
164
+ "cwe": ["CWE-89"]
165
+ },
166
+ {
167
+ "id": "xml_external_entity_injection_xxe",
168
+ "cwe": ["CWE-611"]
169
+ },
170
+ {
171
+ "id": "http_response_manipulation",
172
+ "children": [
173
+ {
174
+ "id": "response_splitting_crlf",
175
+ "cwe": ["CWE-113"]
176
+ }
177
+ ]
178
+ },
179
+ {
180
+ "id": "content_spoofing",
181
+ "cwe": ["CWE-451"],
182
+ "children": [
183
+ {
184
+ "id": "homograph_idn_based",
185
+ "cwe": ["CWE-1007"]
186
+ }
187
+ ]
188
+ },
189
+ {
190
+ "id": "ssti",
191
+ "cwe": ["CWE-94"]
192
+ }
193
+ ]
194
+ },
195
+ {
196
+ "id": "broken_authentication_and_session_management",
197
+ "cwe": ["CWE-930"],
198
+ "children": [
199
+ {
200
+ "id": "authentication_bypass",
201
+ "cwe": ["CWE-287"]
202
+ },
203
+ {
204
+ "id": "two_fa_bypass",
205
+ "cwe": ["CWE-304"]
206
+ },
207
+ {
208
+ "id": "privilege_escalation",
209
+ "cwe": ["CWE-269"]
210
+ },
211
+ {
212
+ "id": "cleartext_transmission_of_session_token",
213
+ "cwe": ["CWE-319"]
214
+ },
215
+ {
216
+ "id": "weak_login_function",
217
+ "cwe": ["CWE-523"]
218
+ },
219
+ {
220
+ "id": "session_fixation",
221
+ "cwe": ["CWE-384"]
222
+ },
223
+ {
224
+ "id": "failure_to_invalidate_session",
225
+ "cwe": ["CWE-613"]
226
+ },
227
+ {
228
+ "id": "concurrent_logins",
229
+ "cwe": ["CWE-1018"]
230
+ },
231
+ {
232
+ "id": "weak_registration_implementation",
233
+ "children": [
234
+ {
235
+ "id": "over_http",
236
+ "cwe": ["CWE-311"]
237
+ }
238
+ ]
239
+ }
240
+ ]
241
+ },
242
+ {
243
+ "id": "sensitive_data_exposure",
244
+ "cwe": ["CWE-934"],
245
+ "children": [
246
+ {
247
+ "id": "disclosure_of_secrets",
248
+ "children": [
249
+ {
250
+ "id": "pii_leakage_exposure",
251
+ "cwe": ["CWE-200"]
252
+ }
253
+ ]
254
+ },
255
+ {
256
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
257
+ "cwe": ["CWE-200"]
258
+ },
259
+ {
260
+ "id": "visible_detailed_error_page",
261
+ "cwe": ["CWE-209", "CWE-215"]
262
+ },
263
+ {
264
+ "id": "disclosure_of_known_public_information",
265
+ "cwe": ["CWE-200"]
266
+ },
267
+ {
268
+ "id": "token_leakage_via_referer",
269
+ "cwe": ["CWE-200"]
270
+ },
271
+ {
272
+ "id": "sensitive_token_in_url",
273
+ "cwe": ["CWE-200"]
274
+ },
275
+ {
276
+ "id": "non_sensitive_token_in_url",
277
+ "cwe": ["CWE-200"]
278
+ },
279
+ {
280
+ "id": "weak_password_reset_implementation",
281
+ "cwe": ["CWE-640"]
282
+ },
283
+ {
284
+ "id": "via_localstorage_sessionstorage",
285
+ "cwe": ["CWE-922"]
286
+ }
287
+ ]
288
+ },
289
+ {
290
+ "id": "cross_site_scripting_xss",
291
+ "cwe": ["CWE-79"]
292
+ },
293
+ {
294
+ "id": "broken_access_control",
295
+ "cwe": ["CWE-723"],
296
+ "children": [
297
+ {
298
+ "id": "idor",
299
+ "cwe": ["CWE-932"]
300
+ },
301
+ {
302
+ "id": "username_enumeration",
303
+ "cwe": ["CWE-200"]
304
+ },
305
+ {
306
+ "id": "exposed_sensitive_android_intent",
307
+ "cwe": ["CWE-927"]
308
+ },
309
+ {
310
+ "id": "exposed_sensitive_ios_url_scheme",
311
+ "cwe": ["CWE-939"]
312
+ }
313
+ ]
314
+ },
315
+ {
316
+ "id": "cross_site_request_forgery_csrf",
317
+ "cwe": ["CWE-352"]
318
+ },
319
+ {
320
+ "id": "application_level_denial_of_service_dos",
321
+ "cwe": ["CWE-400"]
322
+ },
323
+ {
324
+ "id": "unvalidated_redirects_and_forwards",
325
+ "cwe": ["CWE-601"],
326
+ "children": [
327
+ {
328
+ "id": "open_redirect",
329
+ "cwe": ["CWE-601"]
330
+ },
331
+ {
332
+ "id": "tabnabbing",
333
+ "cwe": ["CWE-1022"]
334
+ }
335
+ ]
336
+ },
337
+ {
338
+ "id": "external_behavior",
339
+ "cwe": null
340
+ },
341
+ {
342
+ "id": "insufficient_security_configurability",
343
+ "cwe": ["CWE-16"],
344
+ "children": [
345
+ {
346
+ "id": "weak_password_policy",
347
+ "cwe": ["CWE-521"]
348
+ },
349
+ {
350
+ "id": "no_password_policy",
351
+ "cwe": ["CWE-521"]
352
+ },
353
+ {
354
+ "id": "password_policy_bypass",
355
+ "cwe": ["CWE-521"]
356
+ },
357
+ {
358
+ "id": "weak_password_reset_implementation",
359
+ "cwe": ["CWE-640"]
360
+ }
361
+ ]
362
+ },
363
+ {
364
+ "id": "using_components_with_known_vulnerabilities",
365
+ "cwe": ["CWE-937"]
366
+ },
367
+ {
368
+ "id": "insecure_data_storage",
369
+ "cwe": ["CWE-729", "CWE-922"],
370
+ "children": [
371
+ {
372
+ "id": "sensitive_application_data_stored_unencrypted",
373
+ "cwe": ["CWE-312"]
374
+ },
375
+ {
376
+ "id": "server_side_credentials_storage",
377
+ "cwe": ["CWE-522"],
378
+ "children": [
379
+ {
380
+ "id": "plaintext",
381
+ "cwe": ["CWE-256"]
382
+ }
383
+ ]
384
+ },
385
+ {
386
+ "id": "non_sensitive_application_data_stored_unencrypted",
387
+ "cwe": ["CWE-312"]
388
+ }
389
+ ]
390
+ },
391
+ {
392
+ "id": "lack_of_binary_hardening",
393
+ "cwe": ["CWE-693"]
394
+ },
395
+ {
396
+ "id": "insecure_data_transport",
397
+ "cwe": ["CWE-311", "CWE-319"],
398
+ "children": [
399
+ {
400
+ "id": "cleartext_transmission_of_sensitive_data",
401
+ "cwe": ["CWE-319"]
402
+ },
403
+ {
404
+ "id": "executable_download",
405
+ "children": [
406
+ {
407
+ "id": "no_secure_integrity_check",
408
+ "cwe": ["CWE-353", "CWE-354", "CWE-494"]
409
+ }
410
+ ]
411
+ }
412
+ ]
413
+ },
414
+ {
415
+ "id": "insecure_os_firmware",
416
+ "children": [
417
+ {
418
+ "id": "command_injection",
419
+ "cwe": ["CWE-77"]
420
+ },
421
+ {
422
+ "id": "hardcoded_password",
423
+ "cwe": ["CWE-259"]
424
+ }
425
+ ]
426
+ },
427
+ {
428
+ "id": "cryptographic_weakness",
429
+ "cwe": ["CWE-310", "CWE-1205"],
430
+ "children": [
431
+ {
432
+ "id": "insufficient_entropy",
433
+ "cwe": ["CWE-330", "CWE-331"],
434
+ "children": [
435
+ {
436
+ "id": "limited_rng_entropy_source",
437
+ "cwe": ["CWE-338", "CWE-332"]
438
+ },
439
+ {
440
+ "id": "use_of_trng_for_nonsecurity_purpose",
441
+ "cwe": ["CWE-333"]
442
+ },
443
+ {
444
+ "id": "prng_seed_reuse",
445
+ "cwe": ["CWE-336"]
446
+ },
447
+ {
448
+ "id": "predictable_prng_seed",
449
+ "cwe": ["CWE-337"]
450
+ },
451
+ {
452
+ "id": "small_seed_space_in_prng",
453
+ "cwe": ["CWE-339", "CWE-334"]
454
+ },
455
+ {
456
+ "id": "initialization_vector_reuse",
457
+ "cwe": ["CWE-1204"]
458
+ },
459
+ {
460
+ "id": "predictable_initialization_vector",
461
+ "cwe": ["CWE-340"]
462
+ }
463
+ ]
464
+ },
465
+ {
466
+ "id": "insecure_implementation",
467
+ "cwe": ["CWE-573"],
468
+ "children": [
469
+ {
470
+ "id": "missing_cryptographic_step",
471
+ "cwe": ["CWE-325"]
472
+ },
473
+ {
474
+ "id": "improper_following_of_specification",
475
+ "cwe": ["CWE-358", "CWE-573"]
476
+ }
477
+ ]
478
+ },
479
+ {
480
+ "id": "weak_hash",
481
+ "cwe": ["CWE-328"],
482
+ "children": [
483
+ {
484
+ "id": "lack_of_salt",
485
+ "cwe": ["CWE-759", "CWE-916"]
486
+ },
487
+ {
488
+ "id": "use_of_predictable_salt",
489
+ "cwe": ["CWE-760"]
490
+ },
491
+ {
492
+ "id": "predictable_hash_collision",
493
+ "cwe": ["CWE-328"]
494
+ }
495
+ ]
496
+ },
497
+ {
498
+ "id": "insufficient_verification_of_data_authenticity",
499
+ "cwe": ["CWE-345"],
500
+ "children": [
501
+ {
502
+ "id": "identity_check_value",
503
+ "cwe": ["CWE-353", "CWE-354", "CWE-924"]
504
+ },
505
+ {
506
+ "id": "cryptographic_signature",
507
+ "cwe": ["CWE-347"]
508
+ }
509
+ ]
510
+ },
511
+ {
512
+ "id": "insecure_key_generation",
513
+ "cwe": null,
514
+ "children": [
515
+ {
516
+ "id": "improper_asymmetric_prime_selection",
517
+ "cwe": ["CWE-326", "CWE-1240"]
518
+ },
519
+ {
520
+ "id": "improper_asymmetric_exponent_selection",
521
+ "cwe": ["CWE-326", "CWE-1240"]
522
+ },
523
+ {
524
+ "id": "insufficient_key_stretching",
525
+ "cwe": ["CWE-326", "CWE-1240"]
526
+ },
527
+ {
528
+ "id": "insufficient_key_space",
529
+ "cwe": ["CWE-326", "CWE-331", "CWE-1240"]
530
+ },
531
+ {
532
+ "id": "key_exchange_without_entity_authentication",
533
+ "cwe": ["CWE-322"]
534
+ }
535
+ ]
536
+ },
537
+ {
538
+ "id": "key_reuse",
539
+ "cwe": ["CWE-323"],
540
+ "children": [
541
+ {
542
+ "id": "lack_of_perfect_forward_secrecy",
543
+ "cwe": ["CWE-323"]
544
+ },
545
+ {
546
+ "id": "intra_environment",
547
+ "cwe": ["CWE-323"]
548
+ },
549
+ {
550
+ "id": "inter_environment",
551
+ "cwe": ["CWE-323"]
552
+ }
553
+ ]
554
+ },
555
+ {
556
+ "id": "broken_cryptography",
557
+ "cwe": ["CWE-327"],
558
+ "children": [
559
+ {
560
+ "id": "use_of_broken_cryptographic_primitive",
561
+ "cwe": ["CWE-327"]
562
+ },
563
+ {
564
+ "id": "use_of_vulnerable_cryptographic_library",
565
+ "cwe": ["CWE-327"]
566
+ }
567
+ ]
568
+ },
569
+ {
570
+ "id": "side_channel_attack",
571
+ "cwe": ["CWE-203", "CWE-1300"],
572
+ "children": [
573
+ {
574
+ "id": "padding_oracle_attack",
575
+ "cwe": ["CWE-780"]
576
+ },
577
+ {
578
+ "id": "timing_attack",
579
+ "cwe": ["CWE-208"]
580
+ },
581
+ {
582
+ "id": "power_analysis_attack",
583
+ "cwe": ["CWE-1300"]
584
+ },
585
+ {
586
+ "id": "emanations_attack",
587
+ "cwe": ["CWE-1300"]
588
+ },
589
+ {
590
+ "id": "differential_fault_analysis",
591
+ "cwe": ["CWE-204", "CWE-205"]
592
+ }
593
+ ]
594
+ },
595
+ {
596
+ "id": "use_of_expired_cryptographic_key_or_cert",
597
+ "cwe": ["CWE-295", "CWE-298", "CWE-299", "CWE-324"]
598
+ },
599
+ {
600
+ "id": "incomplete_cleanup_of_keying_material",
601
+ "cwe": ["CWE-459"]
602
+ }
603
+ ]
604
+ },
605
+ {
606
+ "id": "privacy_concerns",
607
+ "cwe": ["CWE-359"]
608
+ },
609
+ {
610
+ "id": "network_security_misconfiguration",
611
+ "cwe": ["CWE-16"]
612
+ },
613
+ {
614
+ "id": "mobile_security_misconfiguration",
615
+ "cwe": ["CWE-919"]
616
+ },
617
+ {
618
+ "id": "client_side_injection",
619
+ "cwe": ["CWE-929"]
620
+ },
621
+ {
622
+ "id": "automotive_security_misconfiguration",
623
+ "cwe": null,
624
+ "children": [
625
+ {
626
+ "id": "infotainment_radio_head_unit",
627
+ "cwe": null
628
+ },
629
+ {
630
+ "id": "rf_hub",
631
+ "cwe": null
632
+ },
633
+ {
634
+ "id": "can",
635
+ "cwe": null
636
+ },
637
+ {
638
+ "id": "battery_management_system",
639
+ "cwe": null
640
+ },
641
+ {
642
+ "id": "gnss_gps",
643
+ "cwe": null
644
+ },
645
+ {
646
+ "id": "immobilizer",
647
+ "cwe": null
648
+ },
649
+ {
650
+ "id": "abs",
651
+ "cwe": null
652
+ },
653
+ {
654
+ "id": "rsu",
655
+ "cwe": null
656
+ }
657
+ ]
658
+ },
659
+ {
660
+ "id": "indicators_of_compromise",
661
+ "cwe": null
662
+ }
663
+ ]
664
+ }
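Review bot: Nodes with no CWE mapping are encoded two different ways in this file: `misconfigured_dns`, `dbms_misconfiguration` and `insecure_os_firmware` omit the `cwe` key entirely, while `external_behavior`, `insecure_key_generation` and the automotive entries carry `"cwe": null`. Given `"metadata": { "default": null }` the two forms presumably mean the same thing, so settling on one (or documenting what an absent key means, e.g. whether it falls back to the parent's mapping) would spare consumers from handling both. The leaf id `username_enumeration` maps to `CWE-204` under `server_security_misconfiguration` but to `CWE-200` under `broken_access_control`, so any lookup has to be keyed by the full path rather than the leaf id to avoid returning the wrong mapping. Several entries (`CWE-16`, `CWE-310`, `CWE-255`, `CWE-929`, `CWE-930`, `CWE-934`) are CWE category identifiers rather than weakness entries, which is worth stating in the file's documentation because reporting tools that validate against weakness-only lists may reject or mis-render them.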