RubyGems - vrt - Versions diffs - 0.5.1 → 0.6.0 - Mend

vrt 0.5.1 → 0.6.0

Files changed (13) hide show

checksums.yaml +4 -4
data/lib/data/1.5/deprecated-node-mapping.json +113 -0
data/lib/data/1.5/mappings/cvss_v3.json +817 -0
data/lib/data/1.5/mappings/cvss_v3.schema.json +59 -0
data/lib/data/1.5/mappings/cwe.json +423 -0
data/lib/data/1.5/mappings/cwe.schema.json +63 -0
data/lib/data/1.5/mappings/remediation_advice.json +1197 -0
data/lib/data/1.5/mappings/remediation_advice.schema.json +75 -0
data/lib/data/1.5/vrt.schema.json +63 -0
data/lib/data/1.5/vulnerability-rating-taxonomy.json +1783 -0
data/lib/vrt/mapping.rb +1 -1
data/lib/vrt/version.rb +1 -1
metadata +15 -6

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 642f88ca4984745ddceb7817ee6e71939f52c216
-  data.tar.gz: 1d58a3e55b2153dd8e1b71fec4007fc1204c0fb5
+  metadata.gz: 0bbf3f9665646c0a5684190da5d391a67876c9e8
+  data.tar.gz: cd55a28fa619b35f0408225183a176ab1ff89738
 SHA512:
-  metadata.gz: 3208e0f62cd08885342f8d48381522d0bc75d7379bfabbc90ba165a8d89864008bb36b46a120520dafae78353fccc561bf63bde2fe87339eceb20a5a95c9b5d6
-  data.tar.gz: 4af600357cd9d8f717e3fcf9e08fc57e735539ce06e58faae63fcd30de9bc09252b8f55ca44d4bdb9b1212b3b3abc5bda68248b3b5f27a40b78fc5c79eaef4ed
+  metadata.gz: 52d1c1178403a7970f12882511a4a989b4f7230ecd3946537371ef46a2f78075839a171f93c5e3709f60f80128275006f5c26b7690620661c16bba53b8de3651
+  data.tar.gz: a9f9f9fe94abba85cef0d214246f4c78b475c7f8c31f427a6be8556d2d83b39fdb04c291af11056c2bc409787c20d0fdce29e8580d3f49291d1d6fe09483f7c3

data/lib/data/1.5/deprecated-node-mapping.json ADDED

@@ -0,0 +1,113 @@
+{
+  "poor_physical_security": {
+    "1.1": "other"
+  },
+  "social_engineering": {
+    "1.1": "other"
+  },
+  "unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
+    "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+  },
+  "unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
+    "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+  },
+  "unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
+    "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
+  },
+  "broken_authentication_and_session_management.session_token_in_url.over_https": {
+    "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+  },
+  "broken_authentication_and_session_management.session_token_in_url.over_http": {
+    "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+  },
+  "broken_authentication_and_session_management.session_token_in_url": {
+    "1.2": "sensitive_data_exposure.sensitive_token_in_url"
+  },
+  "insecure_data_transport": {
+    "1.2": "mobile_security_misconfiguration"
+  },
+  "insecure_data_transport.ssl_certificate_pinning": {
+    "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
+  },
+  "insecure_data_transport.ssl_certificate_pinning.absent": {
+    "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
+  },
+  "insecure_data_transport.ssl_certificate_pinning.defeatable": {
+    "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
+  },
+  "insecure_data_storage.credentials_stored_unencrypted": {
+    "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
+  },
+  "insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
+    "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
+  },
+  "insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
+    "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
+  },
+  "insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
+    "1.2": "insufficient_security_configurability.no_password_policy"
+  },
+  "missing_function_level_access_control": {
+    "1.3": "broken_access_control"
+  },
+  "missing_function_level_access_control.server_side_request_forgery_ssrf": {
+    "1.3": "broken_access_control.server_side_request_forgery_ssrf"
+  },
+  "missing_function_level_access_control.server_side_request_forgery_ssrf.internal": {
+    "1.3": "broken_access_control.server_side_request_forgery_ssrf.internal"
+  },
+  "missing_function_level_access_control.server_side_request_forgery_ssrf.external": {
+    "1.3": "broken_access_control.server_side_request_forgery_ssrf.external"
+  },
+  "missing_function_level_access_control.username_enumeration": {
+    "1.3": "broken_access_control.username_enumeration"
+  },
+  "missing_function_level_access_control.username_enumeration.data_leak": {
+    "1.3": "broken_access_control.username_enumeration.data_leak"
+  },
+  "missing_function_level_access_control.exposed_sensitive_android_intent": {
+    "1.3": "broken_access_control.exposed_sensitive_android_intent"
+  },
+  "missing_function_level_access_control.exposed_sensitive_ios_url_scheme": {
+    "1.3": "broken_access_control.exposed_sensitive_ios_url_scheme"
+  },
+  "insecure_direct_object_references_idor": {
+    "1.3": "broken_access_control.idor"
+  },
+  "broken_authentication_and_session_management.weak_login_function.over_http": {
+    "1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default"
+  },
+  "cross_site_scripting_xss.ie_only.older_version_ie_10_11": {
+    "1.4": "cross_site_scripting_xss.ie_only.ie11"
+  },
+  "cross_site_scripting_xss.ie_only.older_version_ie10": {
+    "1.4": "cross_site_scripting_xss.ie_only.older_version_ie11"
+  },
+  "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": {
+    "1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change"
+  },
+  "network_security_misconfiguration.telnet_enabled.credentials_required": {
+    "1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative"
+  },
+  "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": {
+    "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
+  },
+  "server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": {
+    "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
+  },
+  "cross_site_scripting_xss.stored.admin_to_anyone": {
+    "1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
+  },
+  "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
+    "1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
+  },
+  "server_security_misconfiguration.captcha_bypass": {
+    "1.5": "server_security_misconfiguration.captcha"
+  },
+  "server_security_misconfiguration.captcha_bypass.implementation_vulnerability": {
+    "1.5": "server_security_misconfiguration.captcha.implementation_vulnerability"
+  },
+  "server_security_misconfiguration.captcha_bypass.brute_force": {
+    "1.5": "server_security_misconfiguration.captcha.brute_force"
+  }
+}

data/lib/data/1.5/mappings/cvss_v3.json ADDED

@@ -0,0 +1,817 @@
+{
+  "metadata": {
+    "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+  },
+  "content": [
+    {
+      "id": "server_security_misconfiguration",
+      "children": [
+        {
+          "id": "unsafe_cross_origin_resource_sharing",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
+        },
+        {
+          "id": "path_traversal",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+        },
+        {
+          "id": "directory_listing_enabled",
+          "children": [
+            {
+              "id": "sensitive_data_exposure",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+            },
+            {
+              "id": "non_sensitive_data_exposure",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "same_site_scripting",
+          "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"
+        },
+        {
+          "id": "ssl_attack_breach_poodle_etc",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
+        },
+        {
+          "id": "using_default_credentials",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+        },
+        {
+          "id": "misconfigured_dns",
+          "children": [
+            {
+              "id": "basic_subdomain_takeover",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "high_impact_subdomain_takeover",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
+            },
+            {
+              "id": "zone_transfer",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            },
+            {
+              "id": "missing_caa_record",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "mail_server_misconfiguration",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+          "children": [
+            {
+              "id": "email_spoofing_on_email_domain",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+            }
+          ]
+        },
+        {
+          "id": "dbms_misconfiguration",
+          "children": [
+            {
+              "id": "excessively_privileged_user_dba",
+              "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        },
+        {
+          "id": "lack_of_password_confirmation",
+          "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+          "children": [
+            {
+              "id": "manage_two_fa",
+              "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"
+            }
+          ]
+        },
+        {
+          "id": "no_rate_limiting_on_form",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+          "children": [
+            {
+              "id": "login",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        },
+        {
+          "id": "unsafe_file_upload",
+          "children": [
+            {
+              "id": "no_antivirus",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
+            },
+            {
+              "id": "no_size_limit",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+            },
+            {
+              "id": "file_extension_filter_bypass",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "cookie_scoped_to_parent_domain",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "missing_secure_or_httponly_cookie_flag",
+          "children": [
+            {
+              "id": "session_token",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            },
+            {
+              "id": "non_session_cookie",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "clickjacking",
+          "children": [
+            {
+              "id": "sensitive_action",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            },
+            {
+              "id": "form_input",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            },
+            {
+              "id": "non_sensitive_action",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "oauth_misconfiguration",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "children": [
+            {
+              "id": "account_takeover",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+            }
+          ]
+        },
+        {
+          "id": "captcha",
+          "children": [
+            {
+              "id": "implementation_vulnerability",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+            },
+            {
+              "id": "brute_force",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "missing",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "exposed_admin_portal",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "missing_dnssec",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "fingerprinting_banner_disclosure",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "username_enumeration",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "potentially_unsafe_http_method_enabled",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "insecure_ssl",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "rfd",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
+        },
+        {
+          "id": "lack_of_security_headers",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
+          "children": [
+            {
+              "id": "cache_control_for_a_sensitive_page",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "waf_bypass",
+          "children": [
+            {
+              "id": "direct_server_access",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+            }
+          ]
+        },
+        {
+          "id": "bitsquatting",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+        }
+      ]
+    },
+    {
+      "id": "server_side_injection",
+      "children": [
+        {
+          "id": "file_inclusion",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+        },
+        {
+          "id": "parameter_pollution",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "remote_code_execution_rce",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+        },
+        {
+          "id": "sql_injection",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+        },
+        {
+          "id": "xml_external_entity_injection_xxe",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
+        },
+        {
+          "id": "http_response_manipulation",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+        },
+        {
+          "id": "content_spoofing",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N",
+          "children": [
+            {
+              "id": "iframe_injection",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "external_authentication_injection",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            },
+            {
+              "id": "flash_based_external_authentication_injection",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            },
+            {
+              "id": "email_html_injection",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "broken_authentication_and_session_management",
+      "children": [
+        {
+          "id": "authentication_bypass",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+        },
+        {
+          "id": "two_fa_bypass",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+        },
+        {
+          "id": "privilege_escalation",
+          "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
+        },
+        {
+          "id": "cleartext_transmission_of_session_token",
+          "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+        },
+        {
+          "id": "weak_login_function",
+          "children": [
+            {
+              "id": "not_operational",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "other_plaintext_protocol_no_secure_alternative",
+              "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "lan_only",
+              "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "http_and_https_available",
+              "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "https_not_available_or_http_by_default",
+              "cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        },
+        {
+          "id": "session_fixation",
+          "children": [
+            {
+              "id": "remote_attack_vector",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
+            },
+            {
+              "id": "local_attack_vector",
+              "cvss_v3": "AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"
+            }
+          ]
+        },
+        {
+          "id": "failure_to_invalidate_session",
+          "children": [
+            {
+              "id": "on_logout",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "on_logout_server_side_only",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "on_password_change",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "all_sessions",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "on_email_change",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "long_timeout",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "concurrent_logins",
+          "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "weak_registration_implementation",
+          "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
+        }
+      ]
+    },
+    {
+      "id": "sensitive_data_exposure",
+      "children": [
+        {
+          "id": "critically_sensitive_data",
+          "children": [
+            {
+              "id": "password_disclosure",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+            },
+            {
+              "id": "private_api_keys",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+            }
+          ]
+        },
+        {
+          "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
+          "children": [
+            {
+              "id": "automatic_user_enumeration",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            },
+            {
+              "id": "manual_user_enumeration",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "visible_detailed_error_page",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+          "children": [
+            {
+              "id": "detailed_server_configuration",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "disclosure_of_known_public_information",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "token_leakage_via_referer",
+          "children": [
+            {
+              "id": "trusted_3rd_party",
+              "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "untrusted_3rd_party",
+              "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
+            },
+            {
+              "id": "over_http",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
+            }
+          ]
+        },
+        {
+          "id": "sensitive_token_in_url",
+          "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+        },
+        {
+          "id": "non_sensitive_token_in_url",
+          "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "weak_password_reset_implementation",
+          "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"
+        },
+        {
+          "id": "mixed_content",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
+        },
+        {
+          "id": "sensitive_data_hardcoded",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "internal_ip_disclosure",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "xssi",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
+        },
+        {
+          "id": "json_hijacking",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
+        }
+      ]
+    },
+    {
+      "id": "cross_site_scripting_xss",
+      "children": [
+        {
+          "id": "stored",
+          "children": [
+            {
+              "id": "non_admin_to_anyone",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
+            },
+            {
+              "id": "privileged_user_to_privilege_elevation",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
+            },
+            {
+              "id": "privileged_user_to_no_privilege_elevation",
+              "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"
+            },
+            {
+              "id": "url_based",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+            },
+            {
+              "id": "self",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "reflected",
+          "children": [
+            {
+              "id": "non_self",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+            },
+            {
+              "id": "self",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "flash_based",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+        },
+        {
+          "id": "cookie_based",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
+        },
+        {
+          "id": "ie_only",
+          "children": [
+            {
+              "id": "ie11",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+            },
+            {
+              "id": "xss_filter_disabled",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+            },
+            {
+              "id": "older_version_ie11",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "referer",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+        },
+        {
+          "id": "trace_method",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "universal_uxss",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+        },
+        {
+          "id": "off_domain",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+        }
+      ]
+    },
+    {
+      "id": "broken_access_control",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+      "children": [
+        {
+          "id": "server_side_request_forgery_ssrf",
+          "children": [
+            {
+              "id": "internal",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+            },
+            {
+              "id": "external",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
+            }
+          ]
+        },
+        {
+          "id": "username_enumeration",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+        }
+      ]
+    },
+    {
+      "id": "cross_site_request_forgery_csrf",
+      "children": [
+        {
+          "id": "application_wide",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
+        },
+        {
+          "id": "action_specific",
+          "children": [
+            {
+              "id": "authenticated_action",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
+            },
+            {
+              "id": "unauthenticated_action",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            },
+            {
+              "id": "logout",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
+            }
+          ]
+        },
+        {
+          "id": "csrf_token_not_unique_per_request",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
+        }
+      ]
+    },
+    {
+      "id": "application_level_denial_of_service_dos",
+      "children": [
+        {
+          "id": "critical_impact_and_or_easy_difficulty",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+        },
+        {
+          "id": "high_impact_and_or_medium_difficulty",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+        },
+        {
+          "id": "app_crash",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        }
+      ]
+    },
+    {
+      "id": "unvalidated_redirects_and_forwards",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+      "children": [
+        {
+          "id": "open_redirect",
+          "children": [
+            {
+              "id": "get_based",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "external_behavior",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+    },
+    {
+      "id": "insufficient_security_configurability",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+      "children": [
+        {
+          "id": "no_password_policy",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
+        },
+        {
+          "id": "weak_password_reset_implementation",
+          "children": [
+            {
+              "id": "token_is_not_invalidated_after_use",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "using_components_with_known_vulnerabilities",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+      "children": [
+        {
+          "id": "rosetta_flash",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
+        }
+      ]
+    },
+    {
+      "id": "insecure_data_storage",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+      "children": [
+        {
+          "id": "sensitive_application_data_stored_unencrypted",
+          "children": [
+            {
+              "id": "on_external_storage",
+              "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+            }
+          ]
+        },
+        {
+          "id": "server_side_credentials_storage",
+          "children": [
+            {
+              "id": "plaintext",
+              "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "lack_of_binary_hardening",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+    },
+    {
+      "id": "insecure_data_transport",
+      "children": [
+        {
+          "id": "cleartext_transmission_of_sensitive_data",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+        },
+        {
+          "id": "executable_download",
+          "children": [
+            {
+              "id": "no_secure_integrity_check",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
+            },
+            {
+              "id": "secure_integrity_check",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "insecure_os_firmware",
+      "children": [
+        {
+          "id": "command_injection",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+        },
+        {
+          "id": "hardcoded_password",
+          "children": [
+            {
+              "id": "privileged_user",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
+            },
+            {
+              "id": "non_privileged_user",
+              "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "broken_cryptography",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "id": "privacy_concerns",
+      "children": [
+        {
+          "id": "unnecessary_data_collection",
+          "children": [
+            {
+              "id": "wifi_ssid_password",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "network_security_misconfiguration",
+      "children": [
+        {
+          "id": "telnet_enabled",
+          "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
+        }
+      ]
+    },
+    {
+      "id": "mobile_security_misconfiguration",
+      "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
+      "children": [
+        {
+          "id": "clipboard_enabled",
+          "children": [
+            {
+              "id": "on_sensitive_content",
+              "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"
+            },
+            {
+              "id": "on_non_sensitive_content",
+              "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "client_side_injection",
+      "children": [
+        {
+          "id": "binary_planting",
+          "children": [
+            {
+              "id": "privilege_escalation",
+              "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "non_default_folder_privilege_escalation",
+              "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "no_privilege_escalation",
+              "cvss_v3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}