vrt 0.13.2 → 0.13.3

@@ -0,0 +1,1161 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "ai_application_security",
8
+ "cwe": null
9
+ },
10
+ {
11
+ "id": "algorithmic_biases",
12
+ "cwe": null,
13
+ "children": [
14
+ {
15
+ "id": "aggregation_bias",
16
+ "cwe": null
17
+ },
18
+ {
19
+ "id": "processing_bias",
20
+ "cwe": null
21
+ }
22
+ ]
23
+ },
24
+ {
25
+ "id": "application_level_denial_of_service_dos",
26
+ "cwe": [
27
+ "CWE-400"
28
+ ]
29
+ },
30
+ {
31
+ "id": "automotive_security_misconfiguration",
32
+ "cwe": null,
33
+ "children": [
34
+ {
35
+ "id": "abs",
36
+ "cwe": null
37
+ },
38
+ {
39
+ "id": "battery_management_system",
40
+ "cwe": null
41
+ },
42
+ {
43
+ "id": "can",
44
+ "cwe": null
45
+ },
46
+ {
47
+ "id": "gnss_gps",
48
+ "cwe": null
49
+ },
50
+ {
51
+ "id": "immobilizer",
52
+ "cwe": null
53
+ },
54
+ {
55
+ "id": "infotainment_radio_head_unit",
56
+ "cwe": null
57
+ },
58
+ {
59
+ "id": "rf_hub",
60
+ "cwe": null
61
+ },
62
+ {
63
+ "id": "rsu",
64
+ "cwe": null
65
+ }
66
+ ]
67
+ },
68
+ {
69
+ "id": "blockchain_infrastructure_misconfiguration",
70
+ "cwe": null
71
+ },
72
+ {
73
+ "id": "broken_access_control",
74
+ "cwe": [
75
+ "CWE-723"
76
+ ],
77
+ "children": [
78
+ {
79
+ "id": "exposed_sensitive_android_intent",
80
+ "cwe": [
81
+ "CWE-927"
82
+ ]
83
+ },
84
+ {
85
+ "id": "exposed_sensitive_ios_url_scheme",
86
+ "cwe": [
87
+ "CWE-939"
88
+ ]
89
+ },
90
+ {
91
+ "id": "idor",
92
+ "cwe": [
93
+ "CWE-932"
94
+ ]
95
+ },
96
+ {
97
+ "id": "privilege_escalation",
98
+ "cwe": [
99
+ "CWE-269"
100
+ ]
101
+ },
102
+ {
103
+ "id": "username_enumeration",
104
+ "cwe": [
105
+ "CWE-200"
106
+ ]
107
+ }
108
+ ]
109
+ },
110
+ {
111
+ "id": "broken_authentication_and_session_management",
112
+ "cwe": [
113
+ "CWE-930"
114
+ ],
115
+ "children": [
116
+ {
117
+ "id": "authentication_bypass",
118
+ "cwe": [
119
+ "CWE-287"
120
+ ]
121
+ },
122
+ {
123
+ "id": "cleartext_transmission_of_session_token",
124
+ "cwe": [
125
+ "CWE-319"
126
+ ]
127
+ },
128
+ {
129
+ "id": "concurrent_logins",
130
+ "cwe": [
131
+ "CWE-1018"
132
+ ]
133
+ },
134
+ {
135
+ "id": "failure_to_invalidate_session",
136
+ "cwe": [
137
+ "CWE-613"
138
+ ]
139
+ },
140
+ {
141
+ "id": "session_fixation",
142
+ "cwe": [
143
+ "CWE-384"
144
+ ]
145
+ },
146
+ {
147
+ "id": "two_fa_bypass",
148
+ "cwe": [
149
+ "CWE-304"
150
+ ]
151
+ },
152
+ {
153
+ "id": "weak_login_function",
154
+ "cwe": [
155
+ "CWE-523"
156
+ ]
157
+ },
158
+ {
159
+ "id": "weak_registration_implementation",
160
+ "children": [
161
+ {
162
+ "id": "over_http",
163
+ "cwe": [
164
+ "CWE-311"
165
+ ]
166
+ }
167
+ ]
168
+ }
169
+ ]
170
+ },
171
+ {
172
+ "id": "client_side_injection",
173
+ "cwe": [
174
+ "CWE-929"
175
+ ]
176
+ },
177
+ {
178
+ "id": "cross_site_request_forgery_csrf",
179
+ "cwe": [
180
+ "CWE-352"
181
+ ]
182
+ },
183
+ {
184
+ "id": "cross_site_scripting_xss",
185
+ "cwe": [
186
+ "CWE-79"
187
+ ]
188
+ },
189
+ {
190
+ "id": "cryptographic_weakness",
191
+ "cwe": [
192
+ "CWE-310",
193
+ "CWE-1205"
194
+ ],
195
+ "children": [
196
+ {
197
+ "id": "broken_cryptography",
198
+ "cwe": [
199
+ "CWE-327"
200
+ ],
201
+ "children": [
202
+ {
203
+ "id": "use_of_broken_cryptographic_primitive",
204
+ "cwe": [
205
+ "CWE-327"
206
+ ]
207
+ },
208
+ {
209
+ "id": "use_of_vulnerable_cryptographic_library",
210
+ "cwe": [
211
+ "CWE-327"
212
+ ]
213
+ }
214
+ ]
215
+ },
216
+ {
217
+ "id": "incomplete_cleanup_of_keying_material",
218
+ "cwe": [
219
+ "CWE-459"
220
+ ]
221
+ },
222
+ {
223
+ "id": "insecure_implementation",
224
+ "cwe": [
225
+ "CWE-573"
226
+ ],
227
+ "children": [
228
+ {
229
+ "id": "improper_following_of_specification",
230
+ "cwe": [
231
+ "CWE-358",
232
+ "CWE-573"
233
+ ]
234
+ },
235
+ {
236
+ "id": "missing_cryptographic_step",
237
+ "cwe": [
238
+ "CWE-325"
239
+ ]
240
+ }
241
+ ]
242
+ },
243
+ {
244
+ "id": "insecure_key_generation",
245
+ "cwe": null,
246
+ "children": [
247
+ {
248
+ "id": "improper_asymmetric_exponent_selection",
249
+ "cwe": [
250
+ "CWE-326",
251
+ "CWE-1240"
252
+ ]
253
+ },
254
+ {
255
+ "id": "improper_asymmetric_prime_selection",
256
+ "cwe": [
257
+ "CWE-326",
258
+ "CWE-1240"
259
+ ]
260
+ },
261
+ {
262
+ "id": "insufficient_key_space",
263
+ "cwe": [
264
+ "CWE-326",
265
+ "CWE-331",
266
+ "CWE-1240"
267
+ ]
268
+ },
269
+ {
270
+ "id": "insufficient_key_stretching",
271
+ "cwe": [
272
+ "CWE-326",
273
+ "CWE-1240"
274
+ ]
275
+ },
276
+ {
277
+ "id": "key_exchange_without_entity_authentication",
278
+ "cwe": [
279
+ "CWE-322"
280
+ ]
281
+ }
282
+ ]
283
+ },
284
+ {
285
+ "id": "insufficient_entropy",
286
+ "cwe": [
287
+ "CWE-330",
288
+ "CWE-331"
289
+ ],
290
+ "children": [
291
+ {
292
+ "id": "initialization_vector_reuse",
293
+ "cwe": [
294
+ "CWE-1204"
295
+ ]
296
+ },
297
+ {
298
+ "id": "limited_rng_entropy_source",
299
+ "cwe": [
300
+ "CWE-338",
301
+ "CWE-332"
302
+ ]
303
+ },
304
+ {
305
+ "id": "predictable_initialization_vector",
306
+ "cwe": [
307
+ "CWE-340"
308
+ ]
309
+ },
310
+ {
311
+ "id": "predictable_prng_seed",
312
+ "cwe": [
313
+ "CWE-337"
314
+ ]
315
+ },
316
+ {
317
+ "id": "prng_seed_reuse",
318
+ "cwe": [
319
+ "CWE-336"
320
+ ]
321
+ },
322
+ {
323
+ "id": "small_seed_space_in_prng",
324
+ "cwe": [
325
+ "CWE-339",
326
+ "CWE-334"
327
+ ]
328
+ },
329
+ {
330
+ "id": "use_of_trng_for_nonsecurity_purpose",
331
+ "cwe": [
332
+ "CWE-333"
333
+ ]
334
+ }
335
+ ]
336
+ },
337
+ {
338
+ "id": "insufficient_verification_of_data_authenticity",
339
+ "cwe": [
340
+ "CWE-345"
341
+ ],
342
+ "children": [
343
+ {
344
+ "id": "cryptographic_signature",
345
+ "cwe": [
346
+ "CWE-347"
347
+ ]
348
+ },
349
+ {
350
+ "id": "identity_check_value",
351
+ "cwe": [
352
+ "CWE-353",
353
+ "CWE-354",
354
+ "CWE-924"
355
+ ]
356
+ }
357
+ ]
358
+ },
359
+ {
360
+ "id": "key_reuse",
361
+ "cwe": [
362
+ "CWE-323"
363
+ ],
364
+ "children": [
365
+ {
366
+ "id": "inter_environment",
367
+ "cwe": [
368
+ "CWE-323"
369
+ ]
370
+ },
371
+ {
372
+ "id": "intra_environment",
373
+ "cwe": [
374
+ "CWE-323"
375
+ ]
376
+ },
377
+ {
378
+ "id": "lack_of_perfect_forward_secrecy",
379
+ "cwe": [
380
+ "CWE-323"
381
+ ]
382
+ }
383
+ ]
384
+ },
385
+ {
386
+ "id": "side_channel_attack",
387
+ "cwe": [
388
+ "CWE-203",
389
+ "CWE-1300"
390
+ ],
391
+ "children": [
392
+ {
393
+ "id": "differential_fault_analysis",
394
+ "cwe": [
395
+ "CWE-204",
396
+ "CWE-205"
397
+ ]
398
+ },
399
+ {
400
+ "id": "emanations_attack",
401
+ "cwe": [
402
+ "CWE-1300"
403
+ ]
404
+ },
405
+ {
406
+ "id": "padding_oracle_attack",
407
+ "cwe": [
408
+ "CWE-780"
409
+ ]
410
+ },
411
+ {
412
+ "id": "power_analysis_attack",
413
+ "cwe": [
414
+ "CWE-1300"
415
+ ]
416
+ },
417
+ {
418
+ "id": "timing_attack",
419
+ "cwe": [
420
+ "CWE-208"
421
+ ]
422
+ }
423
+ ]
424
+ },
425
+ {
426
+ "id": "use_of_expired_cryptographic_key_or_cert",
427
+ "cwe": [
428
+ "CWE-295",
429
+ "CWE-298",
430
+ "CWE-299",
431
+ "CWE-324"
432
+ ]
433
+ },
434
+ {
435
+ "id": "weak_hash",
436
+ "cwe": [
437
+ "CWE-328"
438
+ ],
439
+ "children": [
440
+ {
441
+ "id": "lack_of_salt",
442
+ "cwe": [
443
+ "CWE-759",
444
+ "CWE-916"
445
+ ]
446
+ },
447
+ {
448
+ "id": "predictable_hash_collision",
449
+ "cwe": [
450
+ "CWE-328"
451
+ ]
452
+ },
453
+ {
454
+ "id": "use_of_predictable_salt",
455
+ "cwe": [
456
+ "CWE-760"
457
+ ]
458
+ }
459
+ ]
460
+ }
461
+ ]
462
+ },
463
+ {
464
+ "id": "data_biases",
465
+ "cwe": null,
466
+ "children": [
467
+ {
468
+ "id": "pre_existing_bias",
469
+ "cwe": null
470
+ },
471
+ {
472
+ "id": "representation_bias",
473
+ "cwe": null
474
+ }
475
+ ]
476
+ },
477
+ {
478
+ "id": "decentralized_application_misconfiguration",
479
+ "cwe": null
480
+ },
481
+ {
482
+ "id": "developer_biases",
483
+ "cwe": null,
484
+ "children": [
485
+ {
486
+ "id": "implicit_bias",
487
+ "cwe": null
488
+ }
489
+ ]
490
+ },
491
+ {
492
+ "id": "external_behavior",
493
+ "cwe": null
494
+ },
495
+ {
496
+ "id": "indicators_of_compromise",
497
+ "cwe": null
498
+ },
499
+ {
500
+ "id": "insecure_data_storage",
501
+ "cwe": [
502
+ "CWE-729",
503
+ "CWE-922"
504
+ ],
505
+ "children": [
506
+ {
507
+ "id": "non_sensitive_application_data_stored_unencrypted",
508
+ "cwe": [
509
+ "CWE-312"
510
+ ]
511
+ },
512
+ {
513
+ "id": "sensitive_application_data_stored_unencrypted",
514
+ "cwe": [
515
+ "CWE-312"
516
+ ]
517
+ },
518
+ {
519
+ "id": "server_side_credentials_storage",
520
+ "cwe": [
521
+ "CWE-522"
522
+ ],
523
+ "children": [
524
+ {
525
+ "id": "plaintext",
526
+ "cwe": [
527
+ "CWE-256"
528
+ ]
529
+ }
530
+ ]
531
+ }
532
+ ]
533
+ },
534
+ {
535
+ "id": "insecure_data_transport",
536
+ "cwe": [
537
+ "CWE-311",
538
+ "CWE-319"
539
+ ],
540
+ "children": [
541
+ {
542
+ "id": "cleartext_transmission_of_sensitive_data",
543
+ "cwe": [
544
+ "CWE-319"
545
+ ]
546
+ },
547
+ {
548
+ "id": "executable_download",
549
+ "children": [
550
+ {
551
+ "id": "no_secure_integrity_check",
552
+ "cwe": [
553
+ "CWE-353",
554
+ "CWE-354",
555
+ "CWE-494"
556
+ ]
557
+ }
558
+ ]
559
+ }
560
+ ]
561
+ },
562
+ {
563
+ "id": "insecure_os_firmware",
564
+ "children": [
565
+ {
566
+ "id": "command_injection",
567
+ "cwe": [
568
+ "CWE-77"
569
+ ]
570
+ },
571
+ {
572
+ "id": "data_not_encrypted_at_rest",
573
+ "children": [
574
+ {
575
+ "id": "non_sensitive",
576
+ "cwe": [
577
+ "CWE-311"
578
+ ]
579
+ },
580
+ {
581
+ "id": "sensitive",
582
+ "cwe": [
583
+ "CWE-311"
584
+ ]
585
+ }
586
+ ]
587
+ },
588
+ {
589
+ "id": "failure_to_remove_sensitive_artifacts_from_disk",
590
+ "cwe": [
591
+ "CWE-459"
592
+ ]
593
+ },
594
+ {
595
+ "id": "hardcoded_password",
596
+ "cwe": [
597
+ "CWE-259"
598
+ ]
599
+ },
600
+ {
601
+ "id": "kiosk_escape_or_breakout",
602
+ "cwe": [
603
+ "CWE-284"
604
+ ]
605
+ },
606
+ {
607
+ "id": "local_administrator_on_default_environment",
608
+ "cwe": [
609
+ "CWE-276"
610
+ ]
611
+ },
612
+ {
613
+ "id": "over_permissioned_credentials_on_storage",
614
+ "cwe": [
615
+ "CWE-250"
616
+ ]
617
+ },
618
+ {
619
+ "id": "poorly_configured_disk_encryption",
620
+ "cwe": [
621
+ "CWE-326"
622
+ ]
623
+ },
624
+ {
625
+ "id": "poorly_configured_operating_system_security",
626
+ "cwe": [
627
+ "CWE-16"
628
+ ]
629
+ },
630
+ {
631
+ "id": "recovery_of_disk_contains_sensitive_material",
632
+ "cwe": [
633
+ "CWE-522"
634
+ ]
635
+ },
636
+ {
637
+ "id": "shared_credentials_on_storage",
638
+ "cwe": [
639
+ "CWE-798"
640
+ ]
641
+ },
642
+ {
643
+ "id": "weakness_in_firmware_updates",
644
+ "children": [
645
+ {
646
+ "id": "firmware_cannot_be_updated",
647
+ "cwe": [
648
+ "CWE-434"
649
+ ]
650
+ },
651
+ {
652
+ "id": "firmware_does_not_validate_update_integrity",
653
+ "cwe": [
654
+ "CWE-434"
655
+ ]
656
+ },
657
+ {
658
+ "id": "firmware_is_not_encrypted",
659
+ "cwe": [
660
+ "CWE-434"
661
+ ]
662
+ }
663
+ ]
664
+ }
665
+ ]
666
+ },
667
+ {
668
+ "id": "insufficient_security_configurability",
669
+ "cwe": [
670
+ "CWE-16"
671
+ ],
672
+ "children": [
673
+ {
674
+ "id": "no_password_policy",
675
+ "cwe": [
676
+ "CWE-521"
677
+ ]
678
+ },
679
+ {
680
+ "id": "password_policy_bypass",
681
+ "cwe": [
682
+ "CWE-521"
683
+ ]
684
+ },
685
+ {
686
+ "id": "weak_password_policy",
687
+ "cwe": [
688
+ "CWE-521"
689
+ ]
690
+ },
691
+ {
692
+ "id": "weak_password_reset_implementation",
693
+ "cwe": [
694
+ "CWE-640"
695
+ ]
696
+ }
697
+ ]
698
+ },
699
+ {
700
+ "id": "lack_of_binary_hardening",
701
+ "cwe": [
702
+ "CWE-693"
703
+ ]
704
+ },
705
+ {
706
+ "id": "misinterpretation_biases",
707
+ "cwe": null,
708
+ "children": [
709
+ {
710
+ "id": "context_ignorance",
711
+ "cwe": null
712
+ }
713
+ ]
714
+ },
715
+ {
716
+ "id": "mobile_security_misconfiguration",
717
+ "cwe": [
718
+ "CWE-919"
719
+ ]
720
+ },
721
+ {
722
+ "id": "network_security_misconfiguration",
723
+ "cwe": [
724
+ "CWE-16"
725
+ ]
726
+ },
727
+ {
728
+ "id": "physical_security_issues",
729
+ "children": [
730
+ {
731
+ "id": "bypass_of_physical_access_control",
732
+ "cwe": [
733
+ "CWE-1300"
734
+ ]
735
+ },
736
+ {
737
+ "id": "weakness_in_physical_access_control",
738
+ "children": [
739
+ {
740
+ "id": "cloneable_key",
741
+ "cwe": [
742
+ "CWE-1300"
743
+ ]
744
+ },
745
+ {
746
+ "id": "commonly_keyed_system",
747
+ "cwe": [
748
+ "CWE-284"
749
+ ]
750
+ },
751
+ {
752
+ "id": "master_key_identification",
753
+ "cwe": [
754
+ "CWE-284"
755
+ ]
756
+ }
757
+ ]
758
+ }
759
+ ]
760
+ },
761
+ {
762
+ "id": "privacy_concerns",
763
+ "cwe": [
764
+ "CWE-359"
765
+ ]
766
+ },
767
+ {
768
+ "id": "protocol_specific_misconfiguration",
769
+ "cwe": null
770
+ },
771
+ {
772
+ "id": "sensitive_data_exposure",
773
+ "cwe": [
774
+ "CWE-934"
775
+ ],
776
+ "children": [
777
+ {
778
+ "id": "disclosure_of_known_public_information",
779
+ "cwe": [
780
+ "CWE-200"
781
+ ]
782
+ },
783
+ {
784
+ "id": "disclosure_of_secrets",
785
+ "children": [
786
+ {
787
+ "id": "pii_leakage_exposure",
788
+ "cwe": [
789
+ "CWE-200"
790
+ ]
791
+ }
792
+ ]
793
+ },
794
+ {
795
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
796
+ "cwe": [
797
+ "CWE-200"
798
+ ]
799
+ },
800
+ {
801
+ "id": "non_sensitive_token_in_url",
802
+ "cwe": [
803
+ "CWE-200"
804
+ ]
805
+ },
806
+ {
807
+ "id": "sensitive_token_in_url",
808
+ "cwe": [
809
+ "CWE-200"
810
+ ]
811
+ },
812
+ {
813
+ "id": "token_leakage_via_referer",
814
+ "cwe": [
815
+ "CWE-200"
816
+ ]
817
+ },
818
+ {
819
+ "id": "via_localstorage_sessionstorage",
820
+ "cwe": [
821
+ "CWE-922"
822
+ ]
823
+ },
824
+ {
825
+ "id": "visible_detailed_error_page",
826
+ "cwe": [
827
+ "CWE-209",
828
+ "CWE-215"
829
+ ]
830
+ },
831
+ {
832
+ "id": "weak_password_reset_implementation",
833
+ "cwe": [
834
+ "CWE-640"
835
+ ]
836
+ }
837
+ ]
838
+ },
839
+ {
840
+ "id": "server_security_misconfiguration",
841
+ "cwe": [
842
+ "CWE-16"
843
+ ],
844
+ "children": [
845
+ {
846
+ "id": "cache_poisoning",
847
+ "cwe": [
848
+ "CWE-444"
849
+ ]
850
+ },
851
+ {
852
+ "id": "captcha",
853
+ "cwe": [
854
+ "CWE-804"
855
+ ]
856
+ },
857
+ {
858
+ "id": "clickjacking",
859
+ "cwe": [
860
+ "CWE-451"
861
+ ]
862
+ },
863
+ {
864
+ "id": "dbms_misconfiguration",
865
+ "children": [
866
+ {
867
+ "id": "excessively_privileged_user_dba",
868
+ "cwe": [
869
+ "CWE-250"
870
+ ]
871
+ }
872
+ ]
873
+ },
874
+ {
875
+ "id": "directory_listing_enabled",
876
+ "cwe": [
877
+ "CWE-548"
878
+ ]
879
+ },
880
+ {
881
+ "id": "insecure_ssl",
882
+ "children": [
883
+ {
884
+ "id": "insecure_cipher_suite",
885
+ "cwe": [
886
+ "CWE-326"
887
+ ]
888
+ }
889
+ ]
890
+ },
891
+ {
892
+ "id": "lack_of_password_confirmation",
893
+ "children": [
894
+ {
895
+ "id": "change_password",
896
+ "cwe": [
897
+ "CWE-620"
898
+ ]
899
+ }
900
+ ]
901
+ },
902
+ {
903
+ "id": "lack_of_security_headers",
904
+ "children": [
905
+ {
906
+ "id": "cache_control_for_a_non_sensitive_page",
907
+ "cwe": [
908
+ "CWE-525"
909
+ ]
910
+ },
911
+ {
912
+ "id": "cache_control_for_a_sensitive_page",
913
+ "cwe": [
914
+ "CWE-525"
915
+ ]
916
+ }
917
+ ]
918
+ },
919
+ {
920
+ "id": "misconfigured_dns",
921
+ "children": [
922
+ {
923
+ "id": "zone_transfer",
924
+ "cwe": [
925
+ "CWE-669"
926
+ ]
927
+ }
928
+ ]
929
+ },
930
+ {
931
+ "id": "missing_secure_or_httponly_cookie_flag",
932
+ "cwe": [
933
+ "CWE-614",
934
+ "CWE-1004"
935
+ ]
936
+ },
937
+ {
938
+ "id": "no_rate_limiting_on_form",
939
+ "cwe": [
940
+ "CWE-799"
941
+ ],
942
+ "children": [
943
+ {
944
+ "id": "login",
945
+ "cwe": [
946
+ "CWE-307"
947
+ ]
948
+ }
949
+ ]
950
+ },
951
+ {
952
+ "id": "oauth_misconfiguration",
953
+ "cwe": [
954
+ "CWE-303"
955
+ ],
956
+ "children": [
957
+ {
958
+ "id": "insecure_redirect_uri",
959
+ "cwe": [
960
+ "CWE-601"
961
+ ]
962
+ },
963
+ {
964
+ "id": "missing_state_parameter",
965
+ "cwe": [
966
+ "CWE-352"
967
+ ]
968
+ }
969
+ ]
970
+ },
971
+ {
972
+ "id": "path_traversal",
973
+ "cwe": [
974
+ "CWE-22",
975
+ "CWE-73"
976
+ ]
977
+ },
978
+ {
979
+ "id": "race_condition",
980
+ "cwe": [
981
+ "CWE-362",
982
+ "CWE-366",
983
+ "CWE-368",
984
+ "CWE-421"
985
+ ]
986
+ },
987
+ {
988
+ "id": "request_smuggling",
989
+ "cwe": [
990
+ "CWE-444"
991
+ ]
992
+ },
993
+ {
994
+ "id": "server_side_request_forgery_ssrf",
995
+ "cwe": [
996
+ "CWE-918",
997
+ "CWE-441"
998
+ ]
999
+ },
1000
+ {
1001
+ "id": "ssl_attack_breach_poodle_etc",
1002
+ "cwe": [
1003
+ "CWE-310"
1004
+ ]
1005
+ },
1006
+ {
1007
+ "id": "unsafe_cross_origin_resource_sharing",
1008
+ "cwe": [
1009
+ "CWE-942"
1010
+ ]
1011
+ },
1012
+ {
1013
+ "id": "unsafe_file_upload",
1014
+ "children": [
1015
+ {
1016
+ "id": "file_extension_filter_bypass",
1017
+ "cwe": [
1018
+ "CWE-434",
1019
+ "CWE-646"
1020
+ ]
1021
+ }
1022
+ ]
1023
+ },
1024
+ {
1025
+ "id": "username_enumeration",
1026
+ "cwe": [
1027
+ "CWE-204"
1028
+ ]
1029
+ },
1030
+ {
1031
+ "id": "using_default_credentials",
1032
+ "cwe": [
1033
+ "CWE-255",
1034
+ "CWE-521"
1035
+ ]
1036
+ }
1037
+ ]
1038
+ },
1039
+ {
1040
+ "id": "server_side_injection",
1041
+ "cwe": [
1042
+ "CWE-929"
1043
+ ],
1044
+ "children": [
1045
+ {
1046
+ "id": "content_spoofing",
1047
+ "cwe": [
1048
+ "CWE-451"
1049
+ ],
1050
+ "children": [
1051
+ {
1052
+ "id": "homograph_idn_based",
1053
+ "cwe": [
1054
+ "CWE-1007"
1055
+ ]
1056
+ }
1057
+ ]
1058
+ },
1059
+ {
1060
+ "id": "file_inclusion",
1061
+ "cwe": [
1062
+ "CWE-73",
1063
+ "CWE-714"
1064
+ ]
1065
+ },
1066
+ {
1067
+ "id": "http_response_manipulation",
1068
+ "children": [
1069
+ {
1070
+ "id": "response_splitting_crlf",
1071
+ "cwe": [
1072
+ "CWE-113"
1073
+ ]
1074
+ }
1075
+ ]
1076
+ },
1077
+ {
1078
+ "id": "ldap_injection",
1079
+ "cwe": [
1080
+ "CWE-90"
1081
+ ]
1082
+ },
1083
+ {
1084
+ "id": "remote_code_execution_rce",
1085
+ "cwe": [
1086
+ "CWE-77",
1087
+ "CWE-78",
1088
+ "CWE-94",
1089
+ "CWE-95"
1090
+ ]
1091
+ },
1092
+ {
1093
+ "id": "sql_injection",
1094
+ "cwe": [
1095
+ "CWE-89"
1096
+ ]
1097
+ },
1098
+ {
1099
+ "id": "ssti",
1100
+ "cwe": [
1101
+ "CWE-94"
1102
+ ]
1103
+ },
1104
+ {
1105
+ "id": "xml_external_entity_injection_xxe",
1106
+ "cwe": [
1107
+ "CWE-611"
1108
+ ]
1109
+ }
1110
+ ]
1111
+ },
1112
+ {
1113
+ "id": "smart_contract_misconfiguration",
1114
+ "cwe": null
1115
+ },
1116
+ {
1117
+ "id": "societal_biases",
1118
+ "cwe": null,
1119
+ "children": [
1120
+ {
1121
+ "id": "confirmation_bias",
1122
+ "cwe": null
1123
+ },
1124
+ {
1125
+ "id": "systemic_bias",
1126
+ "cwe": null
1127
+ }
1128
+ ]
1129
+ },
1130
+ {
1131
+ "id": "unvalidated_redirects_and_forwards",
1132
+ "cwe": [
1133
+ "CWE-601"
1134
+ ],
1135
+ "children": [
1136
+ {
1137
+ "id": "open_redirect",
1138
+ "cwe": [
1139
+ "CWE-601"
1140
+ ]
1141
+ },
1142
+ {
1143
+ "id": "tabnabbing",
1144
+ "cwe": [
1145
+ "CWE-1022"
1146
+ ]
1147
+ }
1148
+ ]
1149
+ },
1150
+ {
1151
+ "id": "using_components_with_known_vulnerabilities",
1152
+ "cwe": [
1153
+ "CWE-937"
1154
+ ]
1155
+ },
1156
+ {
1157
+ "id": "zero_knowledge_security_misconfiguration",
1158
+ "cwe": null
1159
+ }
1160
+ ]
1161
+ }
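Review bot: The `cwe` field has two different "empty" shapes in this new file: nodes such as `weak_registration_implementation`, `executable_download` and `insecure_os_firmware` omit the key entirely, while `insecure_key_generation` and `algorithmic_biases` carry `"cwe": null` next to their `children`. Nothing visible here says whether a missing key and an explicit null mean the same thing (for example inherit-from-parent versus no mapping, with `metadata.default` as the fallback), so a consumer has to guess; either add `"cwe": null` to the key-less nodes or document the distinction alongside the mapping. Ids are also unique only within a parent, since `username_enumeration` appears under `broken_access_control` with CWE-200 and again under `server_security_misconfiguration` with CWE-204, so lookups should key on the full path rather than the bare id. Separately, all three `weakness_in_firmware_updates` children map to CWE-434, the unrestricted file upload weakness, which does not obviously describe them; CWE-494, already used for `no_secure_integrity_check`, looks like a closer fit for `firmware_does_not_validate_update_integrity`.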