vrt 0.12.5 → 0.12.6

@@ -0,0 +1,756 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "cwe": ["CWE-16"],
9
+ "children": [
10
+ {
11
+ "id": "server_side_request_forgery_ssrf",
12
+ "cwe": ["CWE-918", "CWE-441"]
13
+ },
14
+ {
15
+ "id": "unsafe_cross_origin_resource_sharing",
16
+ "cwe": ["CWE-942"]
17
+ },
18
+ {
19
+ "id": "request_smuggling",
20
+ "cwe": ["CWE-444"]
21
+ },
22
+ {
23
+ "id": "path_traversal",
24
+ "cwe": ["CWE-22", "CWE-73"]
25
+ },
26
+ {
27
+ "id": "directory_listing_enabled",
28
+ "cwe": ["CWE-548"]
29
+ },
30
+ {
31
+ "id": "ssl_attack_breach_poodle_etc",
32
+ "cwe": ["CWE-310"]
33
+ },
34
+ {
35
+ "id": "using_default_credentials",
36
+ "cwe": ["CWE-255", "CWE-521"]
37
+ },
38
+ {
39
+ "id": "misconfigured_dns",
40
+ "children": [
41
+ {
42
+ "id": "zone_transfer",
43
+ "cwe": ["CWE-669"]
44
+ }
45
+ ]
46
+ },
47
+ {
48
+ "id": "dbms_misconfiguration",
49
+ "children": [
50
+ {
51
+ "id": "excessively_privileged_user_dba",
52
+ "cwe": ["CWE-250"]
53
+ }
54
+ ]
55
+ },
56
+ {
57
+ "id": "lack_of_password_confirmation",
58
+ "children": [
59
+ {
60
+ "id": "change_password",
61
+ "cwe": ["CWE-620"]
62
+ }
63
+ ]
64
+ },
65
+ {
66
+ "id": "no_rate_limiting_on_form",
67
+ "cwe": ["CWE-799"],
68
+ "children": [
69
+ {
70
+ "id": "login",
71
+ "cwe": ["CWE-307"]
72
+ }
73
+ ]
74
+ },
75
+ {
76
+ "id": "unsafe_file_upload",
77
+ "children": [
78
+ {
79
+ "id": "file_extension_filter_bypass",
80
+ "cwe": ["CWE-434", "CWE-646"]
81
+ }
82
+ ]
83
+ },
84
+ {
85
+ "id": "missing_secure_or_httponly_cookie_flag",
86
+ "cwe": ["CWE-614", "CWE-1004"]
87
+ },
88
+ {
89
+ "id": "clickjacking",
90
+ "cwe": ["CWE-451"]
91
+ },
92
+ {
93
+ "id": "oauth_misconfiguration",
94
+ "cwe": ["CWE-303"],
95
+ "children": [
96
+ {
97
+ "id": "missing_state_parameter",
98
+ "cwe": ["CWE-352"]
99
+ },
100
+ {
101
+ "id": "insecure_redirect_uri",
102
+ "cwe": ["CWE-601"]
103
+ }
104
+ ]
105
+ },
106
+ {
107
+ "id": "captcha",
108
+ "cwe": ["CWE-804"]
109
+ },
110
+ {
111
+ "id": "username_enumeration",
112
+ "cwe": ["CWE-204"]
113
+ },
114
+ {
115
+ "id": "insecure_ssl",
116
+ "children": [
117
+ {
118
+ "id": "insecure_cipher_suite",
119
+ "cwe": ["CWE-326"]
120
+ }
121
+ ]
122
+ },
123
+ {
124
+ "id": "lack_of_security_headers",
125
+ "children": [
126
+ {
127
+ "id": "cache_control_for_a_non_sensitive_page",
128
+ "cwe": ["CWE-525"]
129
+ },
130
+ {
131
+ "id": "cache_control_for_a_sensitive_page",
132
+ "cwe": ["CWE-525"]
133
+ }
134
+ ]
135
+ },
136
+ {
137
+ "id": "race_condition",
138
+ "cwe": ["CWE-362", "CWE-366", "CWE-368", "CWE-421"]
139
+ },
140
+ {
141
+ "id": "cache_poisoning",
142
+ "cwe": ["CWE-444"]
143
+ }
144
+ ]
145
+ },
146
+ {
147
+ "id": "server_side_injection",
148
+ "cwe": ["CWE-929"],
149
+ "children": [
150
+ {
151
+ "id": "ldap_injection",
152
+ "cwe": ["CWE-90"]
153
+ },
154
+ {
155
+ "id": "file_inclusion",
156
+ "cwe": ["CWE-73", "CWE-714"]
157
+ },
158
+ {
159
+ "id": "remote_code_execution_rce",
160
+ "cwe": ["CWE-77", "CWE-78", "CWE-94", "CWE-95"]
161
+ },
162
+ {
163
+ "id": "sql_injection",
164
+ "cwe": ["CWE-89"]
165
+ },
166
+ {
167
+ "id": "xml_external_entity_injection_xxe",
168
+ "cwe": ["CWE-611"]
169
+ },
170
+ {
171
+ "id": "http_response_manipulation",
172
+ "children": [
173
+ {
174
+ "id": "response_splitting_crlf",
175
+ "cwe": ["CWE-113"]
176
+ }
177
+ ]
178
+ },
179
+ {
180
+ "id": "content_spoofing",
181
+ "cwe": ["CWE-451"],
182
+ "children": [
183
+ {
184
+ "id": "homograph_idn_based",
185
+ "cwe": ["CWE-1007"]
186
+ }
187
+ ]
188
+ },
189
+ {
190
+ "id": "ssti",
191
+ "cwe": ["CWE-94"]
192
+ }
193
+ ]
194
+ },
195
+ {
196
+ "id": "broken_authentication_and_session_management",
197
+ "cwe": ["CWE-930"],
198
+ "children": [
199
+ {
200
+ "id": "authentication_bypass",
201
+ "cwe": ["CWE-287"]
202
+ },
203
+ {
204
+ "id": "two_fa_bypass",
205
+ "cwe": ["CWE-304"]
206
+ },
207
+ {
208
+ "id": "privilege_escalation",
209
+ "cwe": ["CWE-269"]
210
+ },
211
+ {
212
+ "id": "cleartext_transmission_of_session_token",
213
+ "cwe": ["CWE-319"]
214
+ },
215
+ {
216
+ "id": "weak_login_function",
217
+ "cwe": ["CWE-523"]
218
+ },
219
+ {
220
+ "id": "session_fixation",
221
+ "cwe": ["CWE-384"]
222
+ },
223
+ {
224
+ "id": "failure_to_invalidate_session",
225
+ "cwe": ["CWE-613"]
226
+ },
227
+ {
228
+ "id": "concurrent_logins",
229
+ "cwe": ["CWE-1018"]
230
+ },
231
+ {
232
+ "id": "weak_registration_implementation",
233
+ "children": [
234
+ {
235
+ "id": "over_http",
236
+ "cwe": ["CWE-311"]
237
+ }
238
+ ]
239
+ }
240
+ ]
241
+ },
242
+ {
243
+ "id": "sensitive_data_exposure",
244
+ "cwe": ["CWE-934"],
245
+ "children": [
246
+ {
247
+ "id": "disclosure_of_secrets",
248
+ "children": [
249
+ {
250
+ "id": "pii_leakage_exposure",
251
+ "cwe": ["CWE-200"]
252
+ }
253
+ ]
254
+ },
255
+ {
256
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
257
+ "cwe": ["CWE-200"]
258
+ },
259
+ {
260
+ "id": "visible_detailed_error_page",
261
+ "cwe": ["CWE-209", "CWE-215"]
262
+ },
263
+ {
264
+ "id": "disclosure_of_known_public_information",
265
+ "cwe": ["CWE-200"]
266
+ },
267
+ {
268
+ "id": "token_leakage_via_referer",
269
+ "cwe": ["CWE-200"]
270
+ },
271
+ {
272
+ "id": "sensitive_token_in_url",
273
+ "cwe": ["CWE-200"]
274
+ },
275
+ {
276
+ "id": "non_sensitive_token_in_url",
277
+ "cwe": ["CWE-200"]
278
+ },
279
+ {
280
+ "id": "weak_password_reset_implementation",
281
+ "cwe": ["CWE-640"]
282
+ },
283
+ {
284
+ "id": "via_localstorage_sessionstorage",
285
+ "cwe": ["CWE-922"]
286
+ }
287
+ ]
288
+ },
289
+ {
290
+ "id": "cross_site_scripting_xss",
291
+ "cwe": ["CWE-79"]
292
+ },
293
+ {
294
+ "id": "broken_access_control",
295
+ "cwe": ["CWE-723"],
296
+ "children": [
297
+ {
298
+ "id": "idor",
299
+ "cwe": ["CWE-932"]
300
+ },
301
+ {
302
+ "id": "username_enumeration",
303
+ "cwe": ["CWE-200"]
304
+ },
305
+ {
306
+ "id": "exposed_sensitive_android_intent",
307
+ "cwe": ["CWE-927"]
308
+ },
309
+ {
310
+ "id": "exposed_sensitive_ios_url_scheme",
311
+ "cwe": ["CWE-939"]
312
+ }
313
+ ]
314
+ },
315
+ {
316
+ "id": "cross_site_request_forgery_csrf",
317
+ "cwe": ["CWE-352"]
318
+ },
319
+ {
320
+ "id": "application_level_denial_of_service_dos",
321
+ "cwe": ["CWE-400"]
322
+ },
323
+ {
324
+ "id": "unvalidated_redirects_and_forwards",
325
+ "cwe": ["CWE-601"],
326
+ "children": [
327
+ {
328
+ "id": "open_redirect",
329
+ "cwe": ["CWE-601"]
330
+ },
331
+ {
332
+ "id": "tabnabbing",
333
+ "cwe": ["CWE-1022"]
334
+ }
335
+ ]
336
+ },
337
+ {
338
+ "id": "external_behavior",
339
+ "cwe": null
340
+ },
341
+ {
342
+ "id": "insufficient_security_configurability",
343
+ "cwe": ["CWE-16"],
344
+ "children": [
345
+ {
346
+ "id": "weak_password_policy",
347
+ "cwe": ["CWE-521"]
348
+ },
349
+ {
350
+ "id": "no_password_policy",
351
+ "cwe": ["CWE-521"]
352
+ },
353
+ {
354
+ "id": "password_policy_bypass",
355
+ "cwe": ["CWE-521"]
356
+ },
357
+ {
358
+ "id": "weak_password_reset_implementation",
359
+ "cwe": ["CWE-640"]
360
+ }
361
+ ]
362
+ },
363
+ {
364
+ "id": "using_components_with_known_vulnerabilities",
365
+ "cwe": ["CWE-937"]
366
+ },
367
+ {
368
+ "id": "insecure_data_storage",
369
+ "cwe": ["CWE-729", "CWE-922"],
370
+ "children": [
371
+ {
372
+ "id": "sensitive_application_data_stored_unencrypted",
373
+ "cwe": ["CWE-312"]
374
+ },
375
+ {
376
+ "id": "server_side_credentials_storage",
377
+ "cwe": ["CWE-522"],
378
+ "children": [
379
+ {
380
+ "id": "plaintext",
381
+ "cwe": ["CWE-256"]
382
+ }
383
+ ]
384
+ },
385
+ {
386
+ "id": "non_sensitive_application_data_stored_unencrypted",
387
+ "cwe": ["CWE-312"]
388
+ }
389
+ ]
390
+ },
391
+ {
392
+ "id": "ai_application_security",
393
+ "cwe": null
394
+ },
395
+ {
396
+ "id": "lack_of_binary_hardening",
397
+ "cwe": ["CWE-693"]
398
+ },
399
+ {
400
+ "id": "insecure_data_transport",
401
+ "cwe": ["CWE-311", "CWE-319"],
402
+ "children": [
403
+ {
404
+ "id": "cleartext_transmission_of_sensitive_data",
405
+ "cwe": ["CWE-319"]
406
+ },
407
+ {
408
+ "id": "executable_download",
409
+ "children": [
410
+ {
411
+ "id": "no_secure_integrity_check",
412
+ "cwe": ["CWE-353", "CWE-354", "CWE-494"]
413
+ }
414
+ ]
415
+ }
416
+ ]
417
+ },
418
+ {
419
+ "id": "physical_security_issues",
420
+ "children": [
421
+ {
422
+ "id": "bypass_of_physical_access_control",
423
+ "cwe": ["CWE-1300"]
424
+ },
425
+ {
426
+ "id": "weakness_in_physical_access_control",
427
+ "children": [
428
+ {
429
+ "id": "cloneable_key",
430
+ "cwe": ["CWE-1300"]
431
+ },
432
+ {
433
+ "id": "master_key_identification",
434
+ "cwe": ["CWE-284"]
435
+ },
436
+ {
437
+ "id": "commonly_keyed_system",
438
+ "cwe": ["CWE-284"]
439
+ }
440
+ ]
441
+ }
442
+ ]
443
+ },
444
+ {
445
+ "id": "insecure_os_firmware",
446
+ "children": [
447
+ {
448
+ "id": "command_injection",
449
+ "cwe": ["CWE-77"]
450
+ },
451
+ {
452
+ "id": "hardcoded_password",
453
+ "cwe": ["CWE-259"]
454
+ },
455
+ {
456
+ "id": "weakness_in_firmware_updates",
457
+ "children": [
458
+ {
459
+ "id": "firmware_cannot_be_updated",
460
+ "cwe": ["CWE-434"]
461
+ },
462
+ {
463
+ "id": "firmware_does_not_validate_update_integrity",
464
+ "cwe": ["CWE-434"]
465
+ },
466
+ {
467
+ "id": "firmware_is_not_encrypted",
468
+ "cwe": ["CWE-434"]
469
+ }
470
+ ]
471
+ },
472
+ {
473
+ "id": "kiosk_escape_or_breakout",
474
+ "cwe": ["CWE-284"]
475
+ },
476
+ {
477
+ "id": "poorly_configured_disk_encryption",
478
+ "cwe": ["CWE-326"]
479
+ },
480
+ {
481
+ "id": "shared_credentials_on_storage",
482
+ "cwe": ["CWE-798"]
483
+ },
484
+ {
485
+ "id": "over_permissioned_credentials_on_storage",
486
+ "cwe": ["CWE-250"]
487
+ },
488
+ {
489
+ "id": "local_administrator_on_default_environment",
490
+ "cwe": ["CWE-276"]
491
+ },
492
+ {
493
+ "id": "poorly_configured_operating_system_security",
494
+ "cwe": ["CWE-16"]
495
+ },
496
+ {
497
+ "id": "recovery_of_disk_contains_sensitive_material",
498
+ "cwe": ["CWE-522"]
499
+ },
500
+ {
501
+ "id": "failure_to_remove_sensitive_artifacts_from_disk",
502
+ "cwe": ["CWE-459"]
503
+ },
504
+ {
505
+ "id": "data_not_encrypted_at_rest",
506
+ "children": [
507
+ {
508
+ "id": "sensitive",
509
+ "cwe": ["CWE-311"]
510
+ },
511
+ {
512
+ "id": "non_sensitive",
513
+ "cwe": ["CWE-311"]
514
+ }
515
+ ]
516
+ }
517
+ ]
518
+ },
519
+ {
520
+ "id": "cryptographic_weakness",
521
+ "cwe": ["CWE-310", "CWE-1205"],
522
+ "children": [
523
+ {
524
+ "id": "insufficient_entropy",
525
+ "cwe": ["CWE-330", "CWE-331"],
526
+ "children": [
527
+ {
528
+ "id": "limited_rng_entropy_source",
529
+ "cwe": ["CWE-338", "CWE-332"]
530
+ },
531
+ {
532
+ "id": "use_of_trng_for_nonsecurity_purpose",
533
+ "cwe": ["CWE-333"]
534
+ },
535
+ {
536
+ "id": "prng_seed_reuse",
537
+ "cwe": ["CWE-336"]
538
+ },
539
+ {
540
+ "id": "predictable_prng_seed",
541
+ "cwe": ["CWE-337"]
542
+ },
543
+ {
544
+ "id": "small_seed_space_in_prng",
545
+ "cwe": ["CWE-339", "CWE-334"]
546
+ },
547
+ {
548
+ "id": "initialization_vector_reuse",
549
+ "cwe": ["CWE-1204"]
550
+ },
551
+ {
552
+ "id": "predictable_initialization_vector",
553
+ "cwe": ["CWE-340"]
554
+ }
555
+ ]
556
+ },
557
+ {
558
+ "id": "insecure_implementation",
559
+ "cwe": ["CWE-573"],
560
+ "children": [
561
+ {
562
+ "id": "missing_cryptographic_step",
563
+ "cwe": ["CWE-325"]
564
+ },
565
+ {
566
+ "id": "improper_following_of_specification",
567
+ "cwe": ["CWE-358", "CWE-573"]
568
+ }
569
+ ]
570
+ },
571
+ {
572
+ "id": "weak_hash",
573
+ "cwe": ["CWE-328"],
574
+ "children": [
575
+ {
576
+ "id": "lack_of_salt",
577
+ "cwe": ["CWE-759", "CWE-916"]
578
+ },
579
+ {
580
+ "id": "use_of_predictable_salt",
581
+ "cwe": ["CWE-760"]
582
+ },
583
+ {
584
+ "id": "predictable_hash_collision",
585
+ "cwe": ["CWE-328"]
586
+ }
587
+ ]
588
+ },
589
+ {
590
+ "id": "insufficient_verification_of_data_authenticity",
591
+ "cwe": ["CWE-345"],
592
+ "children": [
593
+ {
594
+ "id": "identity_check_value",
595
+ "cwe": ["CWE-353", "CWE-354", "CWE-924"]
596
+ },
597
+ {
598
+ "id": "cryptographic_signature",
599
+ "cwe": ["CWE-347"]
600
+ }
601
+ ]
602
+ },
603
+ {
604
+ "id": "insecure_key_generation",
605
+ "cwe": null,
606
+ "children": [
607
+ {
608
+ "id": "improper_asymmetric_prime_selection",
609
+ "cwe": ["CWE-326", "CWE-1240"]
610
+ },
611
+ {
612
+ "id": "improper_asymmetric_exponent_selection",
613
+ "cwe": ["CWE-326", "CWE-1240"]
614
+ },
615
+ {
616
+ "id": "insufficient_key_stretching",
617
+ "cwe": ["CWE-326", "CWE-1240"]
618
+ },
619
+ {
620
+ "id": "insufficient_key_space",
621
+ "cwe": ["CWE-326", "CWE-331", "CWE-1240"]
622
+ },
623
+ {
624
+ "id": "key_exchange_without_entity_authentication",
625
+ "cwe": ["CWE-322"]
626
+ }
627
+ ]
628
+ },
629
+ {
630
+ "id": "key_reuse",
631
+ "cwe": ["CWE-323"],
632
+ "children": [
633
+ {
634
+ "id": "lack_of_perfect_forward_secrecy",
635
+ "cwe": ["CWE-323"]
636
+ },
637
+ {
638
+ "id": "intra_environment",
639
+ "cwe": ["CWE-323"]
640
+ },
641
+ {
642
+ "id": "inter_environment",
643
+ "cwe": ["CWE-323"]
644
+ }
645
+ ]
646
+ },
647
+ {
648
+ "id": "broken_cryptography",
649
+ "cwe": ["CWE-327"],
650
+ "children": [
651
+ {
652
+ "id": "use_of_broken_cryptographic_primitive",
653
+ "cwe": ["CWE-327"]
654
+ },
655
+ {
656
+ "id": "use_of_vulnerable_cryptographic_library",
657
+ "cwe": ["CWE-327"]
658
+ }
659
+ ]
660
+ },
661
+ {
662
+ "id": "side_channel_attack",
663
+ "cwe": ["CWE-203", "CWE-1300"],
664
+ "children": [
665
+ {
666
+ "id": "padding_oracle_attack",
667
+ "cwe": ["CWE-780"]
668
+ },
669
+ {
670
+ "id": "timing_attack",
671
+ "cwe": ["CWE-208"]
672
+ },
673
+ {
674
+ "id": "power_analysis_attack",
675
+ "cwe": ["CWE-1300"]
676
+ },
677
+ {
678
+ "id": "emanations_attack",
679
+ "cwe": ["CWE-1300"]
680
+ },
681
+ {
682
+ "id": "differential_fault_analysis",
683
+ "cwe": ["CWE-204", "CWE-205"]
684
+ }
685
+ ]
686
+ },
687
+ {
688
+ "id": "use_of_expired_cryptographic_key_or_cert",
689
+ "cwe": ["CWE-295", "CWE-298", "CWE-299", "CWE-324"]
690
+ },
691
+ {
692
+ "id": "incomplete_cleanup_of_keying_material",
693
+ "cwe": ["CWE-459"]
694
+ }
695
+ ]
696
+ },
697
+ {
698
+ "id": "privacy_concerns",
699
+ "cwe": ["CWE-359"]
700
+ },
701
+ {
702
+ "id": "network_security_misconfiguration",
703
+ "cwe": ["CWE-16"]
704
+ },
705
+ {
706
+ "id": "mobile_security_misconfiguration",
707
+ "cwe": ["CWE-919"]
708
+ },
709
+ {
710
+ "id": "client_side_injection",
711
+ "cwe": ["CWE-929"]
712
+ },
713
+ {
714
+ "id": "automotive_security_misconfiguration",
715
+ "cwe": null,
716
+ "children": [
717
+ {
718
+ "id": "infotainment_radio_head_unit",
719
+ "cwe": null
720
+ },
721
+ {
722
+ "id": "rf_hub",
723
+ "cwe": null
724
+ },
725
+ {
726
+ "id": "can",
727
+ "cwe": null
728
+ },
729
+ {
730
+ "id": "battery_management_system",
731
+ "cwe": null
732
+ },
733
+ {
734
+ "id": "gnss_gps",
735
+ "cwe": null
736
+ },
737
+ {
738
+ "id": "immobilizer",
739
+ "cwe": null
740
+ },
741
+ {
742
+ "id": "abs",
743
+ "cwe": null
744
+ },
745
+ {
746
+ "id": "rsu",
747
+ "cwe": null
748
+ }
749
+ ]
750
+ },
751
+ {
752
+ "id": "indicators_of_compromise",
753
+ "cwe": null
754
+ }
755
+ ]
756
+ }
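Review bot: The three children of `weakness_in_firmware_updates` (`firmware_cannot_be_updated`, `firmware_does_not_validate_update_integrity`, `firmware_is_not_encrypted`) are all mapped to CWE-434, which covers unrestricted upload of dangerous file types and describes none of them, so findings triaged through this table would carry a misleading weakness class. Closer fits would be `"cwe": ["CWE-1277"]` for the non-updateable case and `"cwe": ["CWE-494"]` for the missing integrity check, the latter already used for `no_secure_integrity_check` in this file; for unencrypted firmware, `"cwe": ["CWE-311"]` would match how `data_not_encrypted_at_rest` is mapped. Separately, a missing mapping is written two ways, `"cwe": null` on `external_behavior` and no `cwe` key at all on `misconfigured_dns`, so a consumer has to handle both, or the file should settle on one form. If this table is vendored from an upstream taxonomy, the correction probably belongs there rather than in this package.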