vrt 0.11.0 → 0.12.5

Files changed (27) hide show
  1. checksums.yaml +4 -4
  2. data/lib/data/1.11/deprecated-node-mapping.json +236 -0
  3. data/lib/data/1.11/mappings/cvss_v3/cvss_v3.json +1250 -0
  4. data/lib/data/1.11/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.11/mappings/cwe/cwe.json +664 -0
  6. data/lib/data/1.11/mappings/cwe/cwe.schema.json +63 -0
  7. data/lib/data/1.11/mappings/remediation_advice/remediation_advice.json +1811 -0
  8. data/lib/data/1.11/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  9. data/lib/data/1.11/third-party-mappings/remediation_training/secure-code-warrior-links.json +392 -0
  10. data/lib/data/1.11/vrt.schema.json +63 -0
  11. data/lib/data/1.11/vulnerability-rating-taxonomy.json +2442 -0
  12. data/lib/data/1.12/deprecated-node-mapping.json +236 -0
  13. data/lib/data/1.12/mappings/cvss_v3/cvss_v3.json +1280 -0
  14. data/lib/data/1.12/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  15. data/lib/data/1.12/mappings/cwe/cwe.json +668 -0
  16. data/lib/data/1.12/mappings/cwe/cwe.schema.json +63 -0
  17. data/lib/data/1.12/mappings/remediation_advice/remediation_advice.json +1850 -0
  18. data/lib/data/1.12/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  19. data/lib/data/1.12/third-party-mappings/remediation_training/secure-code-warrior-links.json +400 -0
  20. data/lib/data/1.12/vrt.schema.json +63 -0
  21. data/lib/data/1.12/vulnerability-rating-taxonomy.json +2493 -0
  22. data/lib/vrt/mapping.rb +12 -6
  23. data/lib/vrt/node.rb +4 -0
  24. data/lib/vrt/third_party_links.rb +33 -0
  25. data/lib/vrt/version.rb +1 -1
  26. data/lib/vrt.rb +8 -0
  27. metadata +28 -7
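--- /dev/null
+++ b/data/lib/data/1.12/mappings/cwe/cwe.json
@@ -0,0 +1,668 @@
+{
+"metadata": {
+"default": null
+},
+"content": [
+{
+"id": "server_security_misconfiguration",
+"cwe": ["CWE-16"],
+"children": [
+{
+"id": "server_side_request_forgery_ssrf",
+"cwe": ["CWE-918", "CWE-441"]
+},
+{
+"id": "unsafe_cross_origin_resource_sharing",
+"cwe": ["CWE-942"]
+},
+{
+"id": "request_smuggling",
+"cwe": ["CWE-444"]
+},
+{
+"id": "path_traversal",
+"cwe": ["CWE-22", "CWE-73"]
+},
+{
+"id": "directory_listing_enabled",
+"cwe": ["CWE-548"]
+},
+{
+"id": "ssl_attack_breach_poodle_etc",
+"cwe": ["CWE-310"]
+},
+{
+"id": "using_default_credentials",
+"cwe": ["CWE-255", "CWE-521"]
+},
+{
+"id": "misconfigured_dns",
+"children": [
+{
+"id": "zone_transfer",
+"cwe": ["CWE-669"]
+}
+]
+},
+{
+"id": "dbms_misconfiguration",
+"children": [
+{
+"id": "excessively_privileged_user_dba",
+"cwe": ["CWE-250"]
+}
+]
+},
+{
+"id": "lack_of_password_confirmation",
+"children": [
+{
+"id": "change_password",
+"cwe": ["CWE-620"]
+}
+]
+},
+{
+"id": "no_rate_limiting_on_form",
+"cwe": ["CWE-799"],
+"children": [
+{
+"id": "login",
+"cwe": ["CWE-307"]
+}
+]
+},
+{
+"id": "unsafe_file_upload",
+"children": [
+{
+"id": "file_extension_filter_bypass",
+"cwe": ["CWE-434", "CWE-646"]
+}
+]
+},
+{
+"id": "missing_secure_or_httponly_cookie_flag",
+"cwe": ["CWE-614", "CWE-1004"]
+},
+{
+"id": "clickjacking",
+"cwe": ["CWE-451"]
+},
+{
+"id": "oauth_misconfiguration",
+"cwe": ["CWE-303"],
+"children": [
+{
+"id": "missing_state_parameter",
+"cwe": ["CWE-352"]
+},
+{
+"id": "insecure_redirect_uri",
+"cwe": ["CWE-601"]
+}
+]
+},
+{
+"id": "captcha",
+"cwe": ["CWE-804"]
+},
+{
+"id": "username_enumeration",
+"cwe": ["CWE-204"]
+},
+{
+"id": "insecure_ssl",
+"children": [
+{
+"id": "insecure_cipher_suite",
+"cwe": ["CWE-326"]
+}
+]
+},
+{
+"id": "lack_of_security_headers",
+"children": [
+{
+"id": "cache_control_for_a_non_sensitive_page",
+"cwe": ["CWE-525"]
+},
+{
+"id": "cache_control_for_a_sensitive_page",
+"cwe": ["CWE-525"]
+}
+]
+},
+{
+"id": "race_condition",
+"cwe": ["CWE-362", "CWE-366", "CWE-368", "CWE-421"]
+},
+{
+"id": "cache_poisoning",
+"cwe": ["CWE-444"]
+}
+]
+},
+{
+"id": "server_side_injection",
+"cwe": ["CWE-929"],
+"children": [
+{
+"id": "ldap_injection",
+"cwe": ["CWE-90"]
+},
+{
+"id": "file_inclusion",
+"cwe": ["CWE-73", "CWE-714"]
+},
+{
+"id": "remote_code_execution_rce",
+"cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
+},
+{
+"id": "sql_injection",
+"cwe": ["CWE-89"]
+},
+{
+"id": "xml_external_entity_injection_xxe",
+"cwe": ["CWE-611"]
+},
+{
+"id": "http_response_manipulation",
+"children": [
+{
+"id": "response_splitting_crlf",
+"cwe": ["CWE-113"]
+}
+]
+},
+{
+"id": "content_spoofing",
+"cwe": ["CWE-451"],
+"children": [
+{
+"id": "homograph_idn_based",
+"cwe": ["CWE-1007"]
+}
+]
+},
+{
+"id": "ssti",
+"cwe": ["CWE-94"]
+}
+]
+},
+{
+"id": "broken_authentication_and_session_management",
+"cwe": ["CWE-930"],
+"children": [
+{
+"id": "authentication_bypass",
+"cwe": ["CWE-287"]
+},
+{
+"id": "two_fa_bypass",
+"cwe": ["CWE-304"]
+},
+{
+"id": "privilege_escalation",
+"cwe": ["CWE-269"]
+},
+{
+"id": "cleartext_transmission_of_session_token",
+"cwe": ["CWE-319"]
+},
+{
+"id": "weak_login_function",
+"cwe": ["CWE-523"]
+},
+{
+"id": "session_fixation",
+"cwe": ["CWE-384"]
+},
+{
+"id": "failure_to_invalidate_session",
+"cwe": ["CWE-613"]
+},
+{
+"id": "concurrent_logins",
+"cwe": ["CWE-1018"]
+},
+{
+"id": "weak_registration_implementation",
+"children": [
+{
+"id": "over_http",
+"cwe": ["CWE-311"]
+}
+]
+}
+]
+},
+{
+"id": "sensitive_data_exposure",
+"cwe": ["CWE-934"],
+"children": [
+{
+"id": "disclosure_of_secrets",
+"children": [
+{
+"id": "pii_leakage_exposure",
+"cwe": ["CWE-200"]
+}
+]
+},
+{
+"id": "exif_geolocation_data_not_stripped_from_uploaded_images",
+"cwe": ["CWE-200"]
+},
+{
+"id": "visible_detailed_error_page",
+"cwe": ["CWE-209", "CWE-215"]
+},
+{
+"id": "disclosure_of_known_public_information",
+"cwe": ["CWE-200"]
+},
+{
+"id": "token_leakage_via_referer",
+"cwe": ["CWE-200"]
+},
+{
+"id": "sensitive_token_in_url",
+"cwe": ["CWE-200"]
+},
+{
+"id": "non_sensitive_token_in_url",
+"cwe": ["CWE-200"]
+},
+{
+"id": "weak_password_reset_implementation",
+"cwe": ["CWE-640"]
+},
+{
+"id": "via_localstorage_sessionstorage",
+"cwe": ["CWE-922"]
+}
+]
+},
+{
+"id": "cross_site_scripting_xss",
+"cwe": ["CWE-79"]
+},
+{
+"id": "broken_access_control",
+"cwe": ["CWE-723"],
+"children": [
+{
+"id": "idor",
+"cwe": ["CWE-932"]
+},
+{
+"id": "username_enumeration",
+"cwe": ["CWE-200"]
+},
+{
+"id": "exposed_sensitive_android_intent",
+"cwe": ["CWE-927"]
+},
+{
+"id": "exposed_sensitive_ios_url_scheme",
+"cwe": ["CWE-939"]
+}
+]
+},
+{
+"id": "cross_site_request_forgery_csrf",
+"cwe": ["CWE-352"]
+},
+{
+"id": "application_level_denial_of_service_dos",
+"cwe": ["CWE-400"]
+},
+{
+"id": "unvalidated_redirects_and_forwards",
+"cwe": ["CWE-601"],
+"children": [
+{
+"id": "open_redirect",
+"cwe": ["CWE-601"]
+},
+{
+"id": "tabnabbing",
+"cwe": ["CWE-1022"]
+}
+]
+},
+{
+"id": "external_behavior",
+"cwe": null
+},
+{
+"id": "insufficient_security_configurability",
+"cwe": ["CWE-16"],
+"children": [
+{
+"id": "weak_password_policy",
+"cwe": ["CWE-521"]
+},
+{
+"id": "no_password_policy",
+"cwe": ["CWE-521"]
+},
+{
+"id": "password_policy_bypass",
+"cwe": ["CWE-521"]
+},
+{
+"id": "weak_password_reset_implementation",
+"cwe": ["CWE-640"]
+}
+]
+},
+{
+"id": "using_components_with_known_vulnerabilities",
+"cwe": ["CWE-937"]
+},
+{
+"id": "insecure_data_storage",
+"cwe": ["CWE-729", "CWE-922"],
+"children": [
+{
+"id": "sensitive_application_data_stored_unencrypted",
+"cwe": ["CWE-312"]
+},
+{
+"id": "server_side_credentials_storage",
+"cwe": ["CWE-522"],
+"children": [
+{
+"id": "plaintext",
+"cwe": ["CWE-256"]
+}
+]
+},
+{
+"id": "non_sensitive_application_data_stored_unencrypted",
+"cwe": ["CWE-312"]
+}
+]
+},
+{
+"id": "ai_application_security",
+"cwe": null
+},
+{
+"id": "lack_of_binary_hardening",
+"cwe": ["CWE-693"]
+},
+{
+"id": "insecure_data_transport",
+"cwe": ["CWE-311", "CWE-319"],
+"children": [
+{
+"id": "cleartext_transmission_of_sensitive_data",
+"cwe": ["CWE-319"]
+},
+{
+"id": "executable_download",
+"children": [
+{
+"id": "no_secure_integrity_check",
+"cwe": ["CWE-353", "CWE-354", "CWE-494"]
+}
+]
+}
+]
+},
+{
+"id": "insecure_os_firmware",
+"children": [
+{
+"id": "command_injection",
+"cwe": ["CWE-77"]
+},
+{
+"id": "hardcoded_password",
+"cwe": ["CWE-259"]
+}
+]
+},
+{
+"id": "cryptographic_weakness",
+"cwe": ["CWE-310", "CWE-1205"],
+"children": [
+{
+"id": "insufficient_entropy",
+"cwe": ["CWE-330", "CWE-331"],
+"children": [
+{
+"id": "limited_rng_entropy_source",
+"cwe": ["CWE-338", "CWE-332"]
+},
+{
+"id": "use_of_trng_for_nonsecurity_purpose",
+"cwe": ["CWE-333"]
+},
+{
+"id": "prng_seed_reuse",
+"cwe": ["CWE-336"]
+},
+{
+"id": "predictable_prng_seed",
+"cwe": ["CWE-337"]
+},
+{
+"id": "small_seed_space_in_prng",
+"cwe": ["CWE-339", "CWE-334"]
+},
+{
+"id": "initialization_vector_reuse",
+"cwe": ["CWE-1204"]
+},
+{
+"id": "predictable_initialization_vector",
+"cwe": ["CWE-340"]
+}
+]
+},
+{
+"id": "insecure_implementation",
+"cwe": ["CWE-573"],
+"children": [
+{
+"id": "missing_cryptographic_step",
+"cwe": ["CWE-325"]
+},
+{
+"id": "improper_following_of_specification",
+"cwe": ["CWE-358", "CWE-573"]
+}
+]
+},
+{
+"id": "weak_hash",
+"cwe": ["CWE-328"],
+"children": [
+{
+"id": "lack_of_salt",
+"cwe": ["CWE-759", "CWE-916"]
+},
+{
+"id": "use_of_predictable_salt",
+"cwe": ["CWE-760"]
+},
+{
+"id": "predictable_hash_collision",
+"cwe": ["CWE-328"]
+}
+]
+},
+{
+"id": "insufficient_verification_of_data_authenticity",
+"cwe": ["CWE-345"],
+"children": [
+{
+"id": "identity_check_value",
+"cwe": ["CWE-353", "CWE-354", "CWE-924"]
+},
+{
+"id": "cryptographic_signature",
+"cwe": ["CWE-347"]
+}
+]
+},
+{
+"id": "insecure_key_generation",
+"cwe": null,
+"children": [
+{
+"id": "improper_asymmetric_prime_selection",
+"cwe": ["CWE-326", "CWE-1240"]
+},
+{
+"id": "improper_asymmetric_exponent_selection",
+"cwe": ["CWE-326", "CWE-1240"]
+},
+{
+"id": "insufficient_key_stretching",
+"cwe": ["CWE-326", "CWE-1240"]
+},
+{
+"id": "insufficient_key_space",
+"cwe": ["CWE-326", "CWE-331", "CWE-1240"]
+},
+{
+"id": "key_exchange_without_entity_authentication",
+"cwe": ["CWE-322"]
+}
+]
+},
+{
+"id": "key_reuse",
+"cwe": ["CWE-323"],
+"children": [
+{
+"id": "lack_of_perfect_forward_secrecy",
+"cwe": ["CWE-323"]
+},
+{
+"id": "intra_environment",
+"cwe": ["CWE-323"]
+},
+{
+"id": "inter_environment",
+"cwe": ["CWE-323"]
+}
+]
+},
+{
+"id": "broken_cryptography",
+"cwe": ["CWE-327"],
+"children": [
+{
+"id": "use_of_broken_cryptographic_primitive",
+"cwe": ["CWE-327"]
+},
+{
+"id": "use_of_vulnerable_cryptographic_library",
+"cwe": ["CWE-327"]
+}
+]
+},
+{
+"id": "side_channel_attack",
+"cwe": ["CWE-203", "CWE-1300"],
+"children": [
+{
+"id": "padding_oracle_attack",
+"cwe": ["CWE-780"]
+},
+{
+"id": "timing_attack",
+"cwe": ["CWE-208"]
+},
+{
+"id": "power_analysis_attack",
+"cwe": ["CWE-1300"]
+},
+{
+"id": "emanations_attack",
+"cwe": ["CWE-1300"]
+},
+{
+"id": "differential_fault_analysis",
+"cwe": ["CWE-204", "CWE-205"]
+}
+]
+},
+{
+"id": "use_of_expired_cryptographic_key_or_cert",
+"cwe": ["CWE-295", "CWE-298", "CWE-299", "CWE-324"]
+},
+{
+"id": "incomplete_cleanup_of_keying_material",
+"cwe": ["CWE-459"]
+}
+]
+},
+{
+"id": "privacy_concerns",
+"cwe": ["CWE-359"]
+},
+{
+"id": "network_security_misconfiguration",
+"cwe": ["CWE-16"]
+},
+{
+"id": "mobile_security_misconfiguration",
+"cwe": ["CWE-919"]
+},
+{
+"id": "client_side_injection",
+"cwe": ["CWE-929"]
+},
+{
+"id": "automotive_security_misconfiguration",
+"cwe": null,
+"children": [
+{
+"id": "infotainment_radio_head_unit",
+"cwe": null
+},
+{
+"id": "rf_hub",
+"cwe": null
+},
+{
+"id": "can",
+"cwe": null
+},
+{
+"id": "battery_management_system",
+"cwe": null
+},
+{
+"id": "gnss_gps",
+"cwe": null
+},
+{
+"id": "immobilizer",
+"cwe": null
+},
+{
+"id": "abs",
+"cwe": null
+},
+{
+"id": "rsu",
+"cwe": null
+}
+]
+},
+{
+"id": "indicators_of_compromise",
+"cwe": null
+}
+]
+}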
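Review bot: The new mapping encodes "no CWE on this node" two different ways: `"cwe": null` on nodes such as `external_behavior`, `ai_application_security`, `insecure_key_generation` and the whole `automotive_security_misconfiguration` subtree, while nodes such as `misconfigured_dns`, `unsafe_file_upload`, `weak_registration_implementation` and `insecure_os_firmware` omit the key altogether. If the loader in `data/lib/vrt/mapping.rb` treats an absent key as "fall back to the parent or to `metadata.default`" and an explicit `null` as "deliberately unmapped", that distinction is load-bearing and should be stated in `cwe.schema.json` (or in a `metadata` field here); if it does not, one form should be used throughout so consumers do not have to special-case both. Separately, several of the mapped identifiers (`CWE-16`, `CWE-310`, `CWE-723`, `CWE-729`, `CWE-929`, `CWE-930`, `CWE-932`, `CWE-934`, `CWE-937`) are CWE category entries (Configuration, Cryptographic Issues and OWASP Top Ten category nodes) rather than weakness entries, so downstream tooling that resolves IDs against the weakness list alone will report them as unknown; a one-line note in the schema description saying that category IDs are intentional for parent nodes would keep that from being filed as a data error. The same observations very likely apply to the 1.11 copy of `cwe.json` added by this commit, whose hunk is not shown here.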