vrt 0.13.4 → 0.13.5

@@ -0,0 +1,1167 @@
1
+ {
2
+ "metadata": {
3
+ "default": null
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "ai_application_security",
8
+ "cwe": null
9
+ },
10
+ {
11
+ "id": "algorithmic_biases",
12
+ "cwe": null,
13
+ "children": [
14
+ {
15
+ "id": "aggregation_bias",
16
+ "cwe": null
17
+ },
18
+ {
19
+ "id": "processing_bias",
20
+ "cwe": null
21
+ }
22
+ ]
23
+ },
24
+ {
25
+ "id": "application_level_denial_of_service_dos",
26
+ "cwe": [
27
+ "CWE-400"
28
+ ]
29
+ },
30
+ {
31
+ "id": "automotive_security_misconfiguration",
32
+ "cwe": null,
33
+ "children": [
34
+ {
35
+ "id": "abs",
36
+ "cwe": null
37
+ },
38
+ {
39
+ "id": "battery_management_system",
40
+ "cwe": null
41
+ },
42
+ {
43
+ "id": "can",
44
+ "cwe": null
45
+ },
46
+ {
47
+ "id": "gnss_gps",
48
+ "cwe": null
49
+ },
50
+ {
51
+ "id": "immobilizer",
52
+ "cwe": null
53
+ },
54
+ {
55
+ "id": "infotainment_radio_head_unit",
56
+ "cwe": null
57
+ },
58
+ {
59
+ "id": "rf_hub",
60
+ "cwe": null
61
+ },
62
+ {
63
+ "id": "rsu",
64
+ "cwe": null
65
+ }
66
+ ]
67
+ },
68
+ {
69
+ "id": "blockchain_infrastructure_misconfiguration",
70
+ "cwe": null
71
+ },
72
+ {
73
+ "id": "broken_access_control",
74
+ "cwe": [
75
+ "CWE-723"
76
+ ],
77
+ "children": [
78
+ {
79
+ "id": "exposed_sensitive_android_intent",
80
+ "cwe": [
81
+ "CWE-927"
82
+ ]
83
+ },
84
+ {
85
+ "id": "exposed_sensitive_ios_url_scheme",
86
+ "cwe": [
87
+ "CWE-939"
88
+ ]
89
+ },
90
+ {
91
+ "id": "idor",
92
+ "cwe": [
93
+ "CWE-932"
94
+ ]
95
+ },
96
+ {
97
+ "id": "privilege_escalation",
98
+ "cwe": [
99
+ "CWE-269"
100
+ ]
101
+ },
102
+ {
103
+ "id": "username_enumeration",
104
+ "cwe": [
105
+ "CWE-200"
106
+ ]
107
+ }
108
+ ]
109
+ },
110
+ {
111
+ "id": "broken_authentication_and_session_management",
112
+ "cwe": [
113
+ "CWE-930"
114
+ ],
115
+ "children": [
116
+ {
117
+ "id": "authentication_bypass",
118
+ "cwe": [
119
+ "CWE-287"
120
+ ]
121
+ },
122
+ {
123
+ "id": "cleartext_transmission_of_session_token",
124
+ "cwe": [
125
+ "CWE-319"
126
+ ]
127
+ },
128
+ {
129
+ "id": "concurrent_logins",
130
+ "cwe": [
131
+ "CWE-1018"
132
+ ]
133
+ },
134
+ {
135
+ "id": "failure_to_invalidate_session",
136
+ "cwe": [
137
+ "CWE-613"
138
+ ]
139
+ },
140
+ {
141
+ "id": "session_fixation",
142
+ "cwe": [
143
+ "CWE-384"
144
+ ]
145
+ },
146
+ {
147
+ "id": "two_fa_bypass",
148
+ "cwe": [
149
+ "CWE-304"
150
+ ]
151
+ },
152
+ {
153
+ "id": "weak_login_function",
154
+ "cwe": [
155
+ "CWE-523"
156
+ ]
157
+ },
158
+ {
159
+ "id": "weak_registration_implementation",
160
+ "children": [
161
+ {
162
+ "id": "over_http",
163
+ "cwe": [
164
+ "CWE-311"
165
+ ]
166
+ }
167
+ ]
168
+ }
169
+ ]
170
+ },
171
+ {
172
+ "id": "client_side_injection",
173
+ "cwe": [
174
+ "CWE-929"
175
+ ]
176
+ },
177
+ {
178
+ "id": "cross_site_request_forgery_csrf",
179
+ "cwe": [
180
+ "CWE-352"
181
+ ]
182
+ },
183
+ {
184
+ "id": "cross_site_scripting_xss",
185
+ "cwe": [
186
+ "CWE-79"
187
+ ]
188
+ },
189
+ {
190
+ "id": "cryptographic_weakness",
191
+ "cwe": [
192
+ "CWE-310",
193
+ "CWE-1205"
194
+ ],
195
+ "children": [
196
+ {
197
+ "id": "broken_cryptography",
198
+ "cwe": [
199
+ "CWE-327"
200
+ ],
201
+ "children": [
202
+ {
203
+ "id": "use_of_broken_cryptographic_primitive",
204
+ "cwe": [
205
+ "CWE-327"
206
+ ]
207
+ },
208
+ {
209
+ "id": "use_of_vulnerable_cryptographic_library",
210
+ "cwe": [
211
+ "CWE-327"
212
+ ]
213
+ }
214
+ ]
215
+ },
216
+ {
217
+ "id": "incomplete_cleanup_of_keying_material",
218
+ "cwe": [
219
+ "CWE-459"
220
+ ]
221
+ },
222
+ {
223
+ "id": "insecure_implementation",
224
+ "cwe": [
225
+ "CWE-573"
226
+ ],
227
+ "children": [
228
+ {
229
+ "id": "improper_following_of_specification",
230
+ "cwe": [
231
+ "CWE-358",
232
+ "CWE-573"
233
+ ]
234
+ },
235
+ {
236
+ "id": "missing_cryptographic_step",
237
+ "cwe": [
238
+ "CWE-325"
239
+ ]
240
+ }
241
+ ]
242
+ },
243
+ {
244
+ "id": "insecure_key_generation",
245
+ "cwe": null,
246
+ "children": [
247
+ {
248
+ "id": "improper_asymmetric_exponent_selection",
249
+ "cwe": [
250
+ "CWE-326",
251
+ "CWE-1240"
252
+ ]
253
+ },
254
+ {
255
+ "id": "improper_asymmetric_prime_selection",
256
+ "cwe": [
257
+ "CWE-326",
258
+ "CWE-1240"
259
+ ]
260
+ },
261
+ {
262
+ "id": "insufficient_key_space",
263
+ "cwe": [
264
+ "CWE-326",
265
+ "CWE-331",
266
+ "CWE-1240"
267
+ ]
268
+ },
269
+ {
270
+ "id": "insufficient_key_stretching",
271
+ "cwe": [
272
+ "CWE-326",
273
+ "CWE-1240"
274
+ ]
275
+ },
276
+ {
277
+ "id": "key_exchange_without_entity_authentication",
278
+ "cwe": [
279
+ "CWE-322"
280
+ ]
281
+ }
282
+ ]
283
+ },
284
+ {
285
+ "id": "insufficient_entropy",
286
+ "cwe": [
287
+ "CWE-330",
288
+ "CWE-331"
289
+ ],
290
+ "children": [
291
+ {
292
+ "id": "initialization_vector_reuse",
293
+ "cwe": [
294
+ "CWE-1204"
295
+ ]
296
+ },
297
+ {
298
+ "id": "limited_rng_entropy_source",
299
+ "cwe": [
300
+ "CWE-338",
301
+ "CWE-332"
302
+ ]
303
+ },
304
+ {
305
+ "id": "predictable_initialization_vector",
306
+ "cwe": [
307
+ "CWE-340"
308
+ ]
309
+ },
310
+ {
311
+ "id": "predictable_prng_seed",
312
+ "cwe": [
313
+ "CWE-337"
314
+ ]
315
+ },
316
+ {
317
+ "id": "prng_seed_reuse",
318
+ "cwe": [
319
+ "CWE-336"
320
+ ]
321
+ },
322
+ {
323
+ "id": "small_seed_space_in_prng",
324
+ "cwe": [
325
+ "CWE-339",
326
+ "CWE-334"
327
+ ]
328
+ },
329
+ {
330
+ "id": "use_of_trng_for_nonsecurity_purpose",
331
+ "cwe": [
332
+ "CWE-333"
333
+ ]
334
+ }
335
+ ]
336
+ },
337
+ {
338
+ "id": "insufficient_verification_of_data_authenticity",
339
+ "cwe": [
340
+ "CWE-345"
341
+ ],
342
+ "children": [
343
+ {
344
+ "id": "cryptographic_signature",
345
+ "cwe": [
346
+ "CWE-347"
347
+ ]
348
+ },
349
+ {
350
+ "id": "identity_check_value",
351
+ "cwe": [
352
+ "CWE-353",
353
+ "CWE-354",
354
+ "CWE-924"
355
+ ]
356
+ }
357
+ ]
358
+ },
359
+ {
360
+ "id": "key_reuse",
361
+ "cwe": [
362
+ "CWE-323"
363
+ ],
364
+ "children": [
365
+ {
366
+ "id": "inter_environment",
367
+ "cwe": [
368
+ "CWE-323"
369
+ ]
370
+ },
371
+ {
372
+ "id": "intra_environment",
373
+ "cwe": [
374
+ "CWE-323"
375
+ ]
376
+ },
377
+ {
378
+ "id": "lack_of_perfect_forward_secrecy",
379
+ "cwe": [
380
+ "CWE-323"
381
+ ]
382
+ }
383
+ ]
384
+ },
385
+ {
386
+ "id": "side_channel_attack",
387
+ "cwe": [
388
+ "CWE-203",
389
+ "CWE-1300"
390
+ ],
391
+ "children": [
392
+ {
393
+ "id": "differential_fault_analysis",
394
+ "cwe": [
395
+ "CWE-204",
396
+ "CWE-205"
397
+ ]
398
+ },
399
+ {
400
+ "id": "emanations_attack",
401
+ "cwe": [
402
+ "CWE-1300"
403
+ ]
404
+ },
405
+ {
406
+ "id": "padding_oracle_attack",
407
+ "cwe": [
408
+ "CWE-780"
409
+ ]
410
+ },
411
+ {
412
+ "id": "power_analysis_attack",
413
+ "cwe": [
414
+ "CWE-1300"
415
+ ]
416
+ },
417
+ {
418
+ "id": "timing_attack",
419
+ "cwe": [
420
+ "CWE-208"
421
+ ]
422
+ }
423
+ ]
424
+ },
425
+ {
426
+ "id": "use_of_expired_cryptographic_key_or_cert",
427
+ "cwe": [
428
+ "CWE-295",
429
+ "CWE-298",
430
+ "CWE-299",
431
+ "CWE-324"
432
+ ]
433
+ },
434
+ {
435
+ "id": "weak_hash",
436
+ "cwe": [
437
+ "CWE-328"
438
+ ],
439
+ "children": [
440
+ {
441
+ "id": "lack_of_salt",
442
+ "cwe": [
443
+ "CWE-759",
444
+ "CWE-916"
445
+ ]
446
+ },
447
+ {
448
+ "id": "predictable_hash_collision",
449
+ "cwe": [
450
+ "CWE-328"
451
+ ]
452
+ },
453
+ {
454
+ "id": "use_of_predictable_salt",
455
+ "cwe": [
456
+ "CWE-760"
457
+ ]
458
+ }
459
+ ]
460
+ }
461
+ ]
462
+ },
463
+ {
464
+ "id": "data_biases",
465
+ "cwe": null,
466
+ "children": [
467
+ {
468
+ "id": "pre_existing_bias",
469
+ "cwe": null
470
+ },
471
+ {
472
+ "id": "representation_bias",
473
+ "cwe": null
474
+ }
475
+ ]
476
+ },
477
+ {
478
+ "id": "decentralized_application_misconfiguration",
479
+ "cwe": null
480
+ },
481
+ {
482
+ "id": "developer_biases",
483
+ "cwe": null,
484
+ "children": [
485
+ {
486
+ "id": "implicit_bias",
487
+ "cwe": null
488
+ }
489
+ ]
490
+ },
491
+ {
492
+ "id": "external_behavior",
493
+ "cwe": null
494
+ },
495
+ {
496
+ "id": "indicators_of_compromise",
497
+ "cwe": null
498
+ },
499
+ {
500
+ "id": "insecure_data_storage",
501
+ "cwe": [
502
+ "CWE-729",
503
+ "CWE-922"
504
+ ],
505
+ "children": [
506
+ {
507
+ "id": "non_sensitive_application_data_stored_unencrypted",
508
+ "cwe": [
509
+ "CWE-312"
510
+ ]
511
+ },
512
+ {
513
+ "id": "sensitive_application_data_stored_unencrypted",
514
+ "cwe": [
515
+ "CWE-312"
516
+ ]
517
+ },
518
+ {
519
+ "id": "server_side_credentials_storage",
520
+ "cwe": [
521
+ "CWE-522"
522
+ ],
523
+ "children": [
524
+ {
525
+ "id": "plaintext",
526
+ "cwe": [
527
+ "CWE-256"
528
+ ]
529
+ }
530
+ ]
531
+ }
532
+ ]
533
+ },
534
+ {
535
+ "id": "insecure_data_transport",
536
+ "cwe": [
537
+ "CWE-311",
538
+ "CWE-319"
539
+ ],
540
+ "children": [
541
+ {
542
+ "id": "cleartext_transmission_of_sensitive_data",
543
+ "cwe": [
544
+ "CWE-319"
545
+ ]
546
+ },
547
+ {
548
+ "id": "executable_download",
549
+ "children": [
550
+ {
551
+ "id": "no_secure_integrity_check",
552
+ "cwe": [
553
+ "CWE-353",
554
+ "CWE-354",
555
+ "CWE-494"
556
+ ]
557
+ }
558
+ ]
559
+ }
560
+ ]
561
+ },
562
+ {
563
+ "id": "insecure_os_firmware",
564
+ "children": [
565
+ {
566
+ "id": "command_injection",
567
+ "cwe": [
568
+ "CWE-77"
569
+ ]
570
+ },
571
+ {
572
+ "id": "data_not_encrypted_at_rest",
573
+ "children": [
574
+ {
575
+ "id": "non_sensitive",
576
+ "cwe": [
577
+ "CWE-311"
578
+ ]
579
+ },
580
+ {
581
+ "id": "sensitive",
582
+ "cwe": [
583
+ "CWE-311"
584
+ ]
585
+ }
586
+ ]
587
+ },
588
+ {
589
+ "id": "failure_to_remove_sensitive_artifacts_from_disk",
590
+ "cwe": [
591
+ "CWE-459"
592
+ ]
593
+ },
594
+ {
595
+ "id": "hardcoded_password",
596
+ "cwe": [
597
+ "CWE-259"
598
+ ]
599
+ },
600
+ {
601
+ "id": "kiosk_escape_or_breakout",
602
+ "cwe": [
603
+ "CWE-284"
604
+ ]
605
+ },
606
+ {
607
+ "id": "local_administrator_on_default_environment",
608
+ "cwe": [
609
+ "CWE-276"
610
+ ]
611
+ },
612
+ {
613
+ "id": "over_permissioned_credentials_on_storage",
614
+ "cwe": [
615
+ "CWE-250"
616
+ ]
617
+ },
618
+ {
619
+ "id": "poorly_configured_disk_encryption",
620
+ "cwe": [
621
+ "CWE-326"
622
+ ]
623
+ },
624
+ {
625
+ "id": "poorly_configured_operating_system_security",
626
+ "cwe": [
627
+ "CWE-16"
628
+ ]
629
+ },
630
+ {
631
+ "id": "recovery_of_disk_contains_sensitive_material",
632
+ "cwe": [
633
+ "CWE-522"
634
+ ]
635
+ },
636
+ {
637
+ "id": "shared_credentials_on_storage",
638
+ "cwe": [
639
+ "CWE-798"
640
+ ]
641
+ },
642
+ {
643
+ "id": "weakness_in_firmware_updates",
644
+ "children": [
645
+ {
646
+ "id": "firmware_cannot_be_updated",
647
+ "cwe": [
648
+ "CWE-434"
649
+ ]
650
+ },
651
+ {
652
+ "id": "firmware_does_not_validate_update_integrity",
653
+ "cwe": [
654
+ "CWE-434"
655
+ ]
656
+ },
657
+ {
658
+ "id": "firmware_is_not_encrypted",
659
+ "cwe": [
660
+ "CWE-434"
661
+ ]
662
+ }
663
+ ]
664
+ }
665
+ ]
666
+ },
667
+ {
668
+ "id": "insufficient_security_configurability",
669
+ "cwe": [
670
+ "CWE-16"
671
+ ],
672
+ "children": [
673
+ {
674
+ "id": "no_password_policy",
675
+ "cwe": [
676
+ "CWE-521"
677
+ ]
678
+ },
679
+ {
680
+ "id": "password_policy_bypass",
681
+ "cwe": [
682
+ "CWE-521"
683
+ ]
684
+ },
685
+ {
686
+ "id": "weak_password_policy",
687
+ "cwe": [
688
+ "CWE-521"
689
+ ]
690
+ },
691
+ {
692
+ "id": "weak_password_reset_implementation",
693
+ "cwe": [
694
+ "CWE-640"
695
+ ]
696
+ }
697
+ ]
698
+ },
699
+ {
700
+ "id": "lack_of_binary_hardening",
701
+ "cwe": [
702
+ "CWE-693"
703
+ ]
704
+ },
705
+ {
706
+ "id": "misinterpretation_biases",
707
+ "cwe": null,
708
+ "children": [
709
+ {
710
+ "id": "context_ignorance",
711
+ "cwe": null
712
+ }
713
+ ]
714
+ },
715
+ {
716
+ "id": "mobile_security_misconfiguration",
717
+ "cwe": [
718
+ "CWE-919"
719
+ ]
720
+ },
721
+ {
722
+ "id": "network_security_misconfiguration",
723
+ "cwe": [
724
+ "CWE-16"
725
+ ]
726
+ },
727
+ {
728
+ "id": "physical_security_issues",
729
+ "children": [
730
+ {
731
+ "id": "bypass_of_physical_access_control",
732
+ "cwe": [
733
+ "CWE-1300"
734
+ ]
735
+ },
736
+ {
737
+ "id": "weakness_in_physical_access_control",
738
+ "children": [
739
+ {
740
+ "id": "cloneable_key",
741
+ "cwe": [
742
+ "CWE-1300"
743
+ ]
744
+ },
745
+ {
746
+ "id": "commonly_keyed_system",
747
+ "cwe": [
748
+ "CWE-284"
749
+ ]
750
+ },
751
+ {
752
+ "id": "master_key_identification",
753
+ "cwe": [
754
+ "CWE-284"
755
+ ]
756
+ }
757
+ ]
758
+ }
759
+ ]
760
+ },
761
+ {
762
+ "id": "privacy_concerns",
763
+ "cwe": [
764
+ "CWE-359"
765
+ ]
766
+ },
767
+ {
768
+ "id": "protocol_specific_misconfiguration",
769
+ "cwe": null
770
+ },
771
+ {
772
+ "id": "sensitive_data_exposure",
773
+ "cwe": [
774
+ "CWE-934"
775
+ ],
776
+ "children": [
777
+ {
778
+ "id": "disclosure_of_known_public_information",
779
+ "cwe": [
780
+ "CWE-200"
781
+ ]
782
+ },
783
+ {
784
+ "id": "disclosure_of_secrets",
785
+ "children": [
786
+ {
787
+ "id": "pii_leakage_exposure",
788
+ "cwe": [
789
+ "CWE-200"
790
+ ]
791
+ }
792
+ ]
793
+ },
794
+ {
795
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
796
+ "cwe": [
797
+ "CWE-200"
798
+ ]
799
+ },
800
+ {
801
+ "id": "graphql_introspection_enabled",
802
+ "cwe": [
803
+ "CWE-200"
804
+ ]
805
+ },
806
+ {
807
+ "id": "non_sensitive_token_in_url",
808
+ "cwe": [
809
+ "CWE-200"
810
+ ]
811
+ },
812
+ {
813
+ "id": "sensitive_token_in_url",
814
+ "cwe": [
815
+ "CWE-200"
816
+ ]
817
+ },
818
+ {
819
+ "id": "token_leakage_via_referer",
820
+ "cwe": [
821
+ "CWE-200"
822
+ ]
823
+ },
824
+ {
825
+ "id": "via_localstorage_sessionstorage",
826
+ "cwe": [
827
+ "CWE-922"
828
+ ]
829
+ },
830
+ {
831
+ "id": "visible_detailed_error_page",
832
+ "cwe": [
833
+ "CWE-209",
834
+ "CWE-215"
835
+ ]
836
+ },
837
+ {
838
+ "id": "weak_password_reset_implementation",
839
+ "cwe": [
840
+ "CWE-640"
841
+ ]
842
+ }
843
+ ]
844
+ },
845
+ {
846
+ "id": "server_security_misconfiguration",
847
+ "cwe": [
848
+ "CWE-16"
849
+ ],
850
+ "children": [
851
+ {
852
+ "id": "cache_poisoning",
853
+ "cwe": [
854
+ "CWE-444"
855
+ ]
856
+ },
857
+ {
858
+ "id": "captcha",
859
+ "cwe": [
860
+ "CWE-804"
861
+ ]
862
+ },
863
+ {
864
+ "id": "clickjacking",
865
+ "cwe": [
866
+ "CWE-451"
867
+ ]
868
+ },
869
+ {
870
+ "id": "dbms_misconfiguration",
871
+ "children": [
872
+ {
873
+ "id": "excessively_privileged_user_dba",
874
+ "cwe": [
875
+ "CWE-250"
876
+ ]
877
+ }
878
+ ]
879
+ },
880
+ {
881
+ "id": "directory_listing_enabled",
882
+ "cwe": [
883
+ "CWE-548"
884
+ ]
885
+ },
886
+ {
887
+ "id": "insecure_ssl",
888
+ "children": [
889
+ {
890
+ "id": "insecure_cipher_suite",
891
+ "cwe": [
892
+ "CWE-326"
893
+ ]
894
+ }
895
+ ]
896
+ },
897
+ {
898
+ "id": "lack_of_password_confirmation",
899
+ "children": [
900
+ {
901
+ "id": "change_password",
902
+ "cwe": [
903
+ "CWE-620"
904
+ ]
905
+ }
906
+ ]
907
+ },
908
+ {
909
+ "id": "lack_of_security_headers",
910
+ "children": [
911
+ {
912
+ "id": "cache_control_for_a_non_sensitive_page",
913
+ "cwe": [
914
+ "CWE-525"
915
+ ]
916
+ },
917
+ {
918
+ "id": "cache_control_for_a_sensitive_page",
919
+ "cwe": [
920
+ "CWE-525"
921
+ ]
922
+ }
923
+ ]
924
+ },
925
+ {
926
+ "id": "misconfigured_dns",
927
+ "children": [
928
+ {
929
+ "id": "zone_transfer",
930
+ "cwe": [
931
+ "CWE-669"
932
+ ]
933
+ }
934
+ ]
935
+ },
936
+ {
937
+ "id": "missing_secure_or_httponly_cookie_flag",
938
+ "cwe": [
939
+ "CWE-614",
940
+ "CWE-1004"
941
+ ]
942
+ },
943
+ {
944
+ "id": "no_rate_limiting_on_form",
945
+ "cwe": [
946
+ "CWE-799"
947
+ ],
948
+ "children": [
949
+ {
950
+ "id": "login",
951
+ "cwe": [
952
+ "CWE-307"
953
+ ]
954
+ }
955
+ ]
956
+ },
957
+ {
958
+ "id": "oauth_misconfiguration",
959
+ "cwe": [
960
+ "CWE-303"
961
+ ],
962
+ "children": [
963
+ {
964
+ "id": "insecure_redirect_uri",
965
+ "cwe": [
966
+ "CWE-601"
967
+ ]
968
+ },
969
+ {
970
+ "id": "missing_state_parameter",
971
+ "cwe": [
972
+ "CWE-352"
973
+ ]
974
+ }
975
+ ]
976
+ },
977
+ {
978
+ "id": "path_traversal",
979
+ "cwe": [
980
+ "CWE-22",
981
+ "CWE-73"
982
+ ]
983
+ },
984
+ {
985
+ "id": "race_condition",
986
+ "cwe": [
987
+ "CWE-362",
988
+ "CWE-366",
989
+ "CWE-368",
990
+ "CWE-421"
991
+ ]
992
+ },
993
+ {
994
+ "id": "request_smuggling",
995
+ "cwe": [
996
+ "CWE-444"
997
+ ]
998
+ },
999
+ {
1000
+ "id": "server_side_request_forgery_ssrf",
1001
+ "cwe": [
1002
+ "CWE-918",
1003
+ "CWE-441"
1004
+ ]
1005
+ },
1006
+ {
1007
+ "id": "ssl_attack_breach_poodle_etc",
1008
+ "cwe": [
1009
+ "CWE-310"
1010
+ ]
1011
+ },
1012
+ {
1013
+ "id": "unsafe_cross_origin_resource_sharing",
1014
+ "cwe": [
1015
+ "CWE-942"
1016
+ ]
1017
+ },
1018
+ {
1019
+ "id": "unsafe_file_upload",
1020
+ "children": [
1021
+ {
1022
+ "id": "file_extension_filter_bypass",
1023
+ "cwe": [
1024
+ "CWE-434",
1025
+ "CWE-646"
1026
+ ]
1027
+ }
1028
+ ]
1029
+ },
1030
+ {
1031
+ "id": "username_enumeration",
1032
+ "cwe": [
1033
+ "CWE-204"
1034
+ ]
1035
+ },
1036
+ {
1037
+ "id": "using_default_credentials",
1038
+ "cwe": [
1039
+ "CWE-255",
1040
+ "CWE-521"
1041
+ ]
1042
+ }
1043
+ ]
1044
+ },
1045
+ {
1046
+ "id": "server_side_injection",
1047
+ "cwe": [
1048
+ "CWE-929"
1049
+ ],
1050
+ "children": [
1051
+ {
1052
+ "id": "content_spoofing",
1053
+ "cwe": [
1054
+ "CWE-451"
1055
+ ],
1056
+ "children": [
1057
+ {
1058
+ "id": "homograph_idn_based",
1059
+ "cwe": [
1060
+ "CWE-1007"
1061
+ ]
1062
+ }
1063
+ ]
1064
+ },
1065
+ {
1066
+ "id": "file_inclusion",
1067
+ "cwe": [
1068
+ "CWE-73",
1069
+ "CWE-714"
1070
+ ]
1071
+ },
1072
+ {
1073
+ "id": "http_response_manipulation",
1074
+ "children": [
1075
+ {
1076
+ "id": "response_splitting_crlf",
1077
+ "cwe": [
1078
+ "CWE-113"
1079
+ ]
1080
+ }
1081
+ ]
1082
+ },
1083
+ {
1084
+ "id": "ldap_injection",
1085
+ "cwe": [
1086
+ "CWE-90"
1087
+ ]
1088
+ },
1089
+ {
1090
+ "id": "remote_code_execution_rce",
1091
+ "cwe": [
1092
+ "CWE-77",
1093
+ "CWE-78",
1094
+ "CWE-94",
1095
+ "CWE-95"
1096
+ ]
1097
+ },
1098
+ {
1099
+ "id": "sql_injection",
1100
+ "cwe": [
1101
+ "CWE-89"
1102
+ ]
1103
+ },
1104
+ {
1105
+ "id": "ssti",
1106
+ "cwe": [
1107
+ "CWE-94"
1108
+ ]
1109
+ },
1110
+ {
1111
+ "id": "xml_external_entity_injection_xxe",
1112
+ "cwe": [
1113
+ "CWE-611"
1114
+ ]
1115
+ }
1116
+ ]
1117
+ },
1118
+ {
1119
+ "id": "smart_contract_misconfiguration",
1120
+ "cwe": null
1121
+ },
1122
+ {
1123
+ "id": "societal_biases",
1124
+ "cwe": null,
1125
+ "children": [
1126
+ {
1127
+ "id": "confirmation_bias",
1128
+ "cwe": null
1129
+ },
1130
+ {
1131
+ "id": "systemic_bias",
1132
+ "cwe": null
1133
+ }
1134
+ ]
1135
+ },
1136
+ {
1137
+ "id": "unvalidated_redirects_and_forwards",
1138
+ "cwe": [
1139
+ "CWE-601"
1140
+ ],
1141
+ "children": [
1142
+ {
1143
+ "id": "open_redirect",
1144
+ "cwe": [
1145
+ "CWE-601"
1146
+ ]
1147
+ },
1148
+ {
1149
+ "id": "tabnabbing",
1150
+ "cwe": [
1151
+ "CWE-1022"
1152
+ ]
1153
+ }
1154
+ ]
1155
+ },
1156
+ {
1157
+ "id": "using_components_with_known_vulnerabilities",
1158
+ "cwe": [
1159
+ "CWE-937"
1160
+ ]
1161
+ },
1162
+ {
1163
+ "id": "zero_knowledge_security_misconfiguration",
1164
+ "cwe": null
1165
+ }
1166
+ ]
1167
+ }
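Review bot: The three children of `weakness_in_firmware_updates` (`firmware_cannot_be_updated`, `firmware_does_not_validate_update_integrity`, `firmware_is_not_encrypted`) all map to `CWE-434`, the unrestricted file upload weakness, which looks like a copied value rather than a deliberate mapping. `CWE-494`, already used here for `no_secure_integrity_check`, seems the closer fit for the integrity case, and `CWE-311`, used for `data_not_encrypted_at_rest`, for the unencrypted case; if this file is vendored from an upstream taxonomy, the correction belongs there, before triage or reporting tooling relies on these values. Separately, the `cwe` field takes three shapes in this file: an array, an explicit `"cwe": null`, and no key at all (`weak_registration_implementation`, `executable_download`, `insecure_os_firmware` and other parent nodes), so either add `"cwe": null` to those nodes or state that an absent key is equivalent to null. Ids are unique only within a parent: `username_enumeration` appears under both `broken_access_control` (`CWE-200`) and `server_security_misconfiguration` (`CWE-204`), and `weak_password_reset_implementation` appears under two parents, so a consumer should key lookups on the full path from the root rather than on `id` alone.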