@blamejs/exceptd-skills 0.16.15 → 0.16.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +4 -1
- package/data/_indexes/_meta.json +18 -16
- package/data/_indexes/activity-feed.json +17 -3
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/chains.json +22854 -4010
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +158 -75
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +9 -3
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +81 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +96 -1
- package/data/_indexes/xref.json +48 -1
- package/data/cwe-catalog.json +64 -6
- package/data/playbooks/cloud-iam-incident.json +26 -5
- package/data/playbooks/crypto-codebase.json +31 -8
- package/data/playbooks/decompression-dos.json +626 -0
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/multitenancy-isolation.json +660 -0
- package/manifest-snapshot.json +110 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +165 -49
- package/package.json +2 -2
- package/sbom.cdx.json +92 -32
- package/skills/decompression-dos/skill.md +83 -0
- package/skills/multitenancy-isolation/skill.md +83 -0
package/manifest-snapshot.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
|
|
3
|
-
"_generated_at": "2026-06-
|
|
3
|
+
"_generated_at": "2026-06-02T19:04:29.598Z",
|
|
4
4
|
"atlas_version": "5.6.0",
|
|
5
|
-
"skill_count":
|
|
5
|
+
"skill_count": 49,
|
|
6
6
|
"skills": [
|
|
7
7
|
{
|
|
8
8
|
"name": "age-gates-child-safety",
|
|
@@ -655,6 +655,60 @@
|
|
|
655
655
|
"d3fend_refs": [],
|
|
656
656
|
"dlp_refs": []
|
|
657
657
|
},
|
|
658
|
+
{
|
|
659
|
+
"name": "decompression-dos",
|
|
660
|
+
"version": "1.0.0",
|
|
661
|
+
"triggers": [
|
|
662
|
+
"amplification attack",
|
|
663
|
+
"billion laughs",
|
|
664
|
+
"catastrophic backtracking",
|
|
665
|
+
"decompression bomb",
|
|
666
|
+
"input amplification",
|
|
667
|
+
"length field allocation",
|
|
668
|
+
"nested archive",
|
|
669
|
+
"parser dos",
|
|
670
|
+
"recursion depth",
|
|
671
|
+
"redos",
|
|
672
|
+
"regular expression denial of service",
|
|
673
|
+
"resource exhaustion",
|
|
674
|
+
"xml entity expansion",
|
|
675
|
+
"xxe",
|
|
676
|
+
"zip bomb",
|
|
677
|
+
"zip slip"
|
|
678
|
+
],
|
|
679
|
+
"data_deps": [
|
|
680
|
+
"atlas-ttps.json",
|
|
681
|
+
"attack-techniques.json",
|
|
682
|
+
"cve-catalog.json",
|
|
683
|
+
"cwe-catalog.json",
|
|
684
|
+
"framework-control-gaps.json",
|
|
685
|
+
"rfc-references.json"
|
|
686
|
+
],
|
|
687
|
+
"atlas_refs": [],
|
|
688
|
+
"attack_refs": [
|
|
689
|
+
"T1059",
|
|
690
|
+
"T1499",
|
|
691
|
+
"T1499.001"
|
|
692
|
+
],
|
|
693
|
+
"framework_gaps": [
|
|
694
|
+
"AU-ISM-1556",
|
|
695
|
+
"NIS2-Art21-network-security",
|
|
696
|
+
"NIST-800-53-SI-2",
|
|
697
|
+
"UK-CAF-B4"
|
|
698
|
+
],
|
|
699
|
+
"rfc_refs": [],
|
|
700
|
+
"cwe_refs": [
|
|
701
|
+
"CWE-1333",
|
|
702
|
+
"CWE-22",
|
|
703
|
+
"CWE-400",
|
|
704
|
+
"CWE-409",
|
|
705
|
+
"CWE-770",
|
|
706
|
+
"CWE-776",
|
|
707
|
+
"CWE-834"
|
|
708
|
+
],
|
|
709
|
+
"d3fend_refs": [],
|
|
710
|
+
"dlp_refs": []
|
|
711
|
+
},
|
|
658
712
|
{
|
|
659
713
|
"name": "defensive-countermeasure-mapping",
|
|
660
714
|
"version": "1.0.0",
|
|
@@ -1378,6 +1432,60 @@
|
|
|
1378
1432
|
"d3fend_refs": [],
|
|
1379
1433
|
"dlp_refs": []
|
|
1380
1434
|
},
|
|
1435
|
+
{
|
|
1436
|
+
"name": "multitenancy-isolation",
|
|
1437
|
+
"version": "1.0.0",
|
|
1438
|
+
"triggers": [
|
|
1439
|
+
"bola",
|
|
1440
|
+
"broken object level authorization",
|
|
1441
|
+
"circuit breaker",
|
|
1442
|
+
"cross tenant",
|
|
1443
|
+
"denial of service",
|
|
1444
|
+
"distributed lock fencing",
|
|
1445
|
+
"idor",
|
|
1446
|
+
"multi tenant",
|
|
1447
|
+
"multitenancy isolation",
|
|
1448
|
+
"noisy neighbour",
|
|
1449
|
+
"per tenant quota",
|
|
1450
|
+
"rapid reset",
|
|
1451
|
+
"rate limit",
|
|
1452
|
+
"resource exhaustion",
|
|
1453
|
+
"rls",
|
|
1454
|
+
"row level security",
|
|
1455
|
+
"tenant isolation"
|
|
1456
|
+
],
|
|
1457
|
+
"data_deps": [
|
|
1458
|
+
"atlas-ttps.json",
|
|
1459
|
+
"attack-techniques.json",
|
|
1460
|
+
"cve-catalog.json",
|
|
1461
|
+
"cwe-catalog.json",
|
|
1462
|
+
"framework-control-gaps.json",
|
|
1463
|
+
"rfc-references.json"
|
|
1464
|
+
],
|
|
1465
|
+
"atlas_refs": [],
|
|
1466
|
+
"attack_refs": [
|
|
1467
|
+
"T1078",
|
|
1468
|
+
"T1499",
|
|
1469
|
+
"T1499.001",
|
|
1470
|
+
"T1530"
|
|
1471
|
+
],
|
|
1472
|
+
"framework_gaps": [
|
|
1473
|
+
"AU-ISM-1556",
|
|
1474
|
+
"NIS2-Art21-network-security",
|
|
1475
|
+
"NIST-800-53-AC-3",
|
|
1476
|
+
"UK-CAF-B4"
|
|
1477
|
+
],
|
|
1478
|
+
"rfc_refs": [],
|
|
1479
|
+
"cwe_refs": [
|
|
1480
|
+
"CWE-400",
|
|
1481
|
+
"CWE-639",
|
|
1482
|
+
"CWE-668",
|
|
1483
|
+
"CWE-770",
|
|
1484
|
+
"CWE-863"
|
|
1485
|
+
],
|
|
1486
|
+
"d3fend_refs": [],
|
|
1487
|
+
"dlp_refs": []
|
|
1488
|
+
},
|
|
1381
1489
|
{
|
|
1382
1490
|
"name": "network-trust",
|
|
1383
1491
|
"version": "1.0.0",
|
package/manifest-snapshot.sha256
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
af6f9c0b8f1276ef1cd33ce3eebef3154e945505b287d896c703dfa2c1af6396 manifest-snapshot.json
|