@blamejs/exceptd-skills 0.16.16 → 0.16.18

package/sbom.cdx.json

@@ -1,23 +1,23 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:04e89773-5ab6-4db8-9c18-bb4abb56fd87",
+  "serialNumber": "urn:uuid:6c7238d3-3b76-45b0-a769-c339ae4e6bd7",
   "version": 1,
   "metadata": {
-    "timestamp": "2028-08-11T03:33:07.000Z",
+    "timestamp": "2083-08-28T03:49:39.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.16.16"
+        "version": "0.16.18"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.16",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.18",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.16.16",
-      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 48 skills, 11 catalogs (439 CVEs / 174 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
+      "version": "0.16.18",
+      "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 50 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
       "licenses": [
         {
           "license": {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.16",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.18",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "19fd1d02fb02bcc9ce834018a04cb4499913fc116b9c3d1afe8e0553161e9b91"
+          "content": "0e20181565be6e9177ab95e6157883529660eb0b0542deb24b612fd270fe52f9"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.16"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.18"
         },
         {
           "type": "vcs",
@@ -54,7 +54,7 @@
       },
       {
         "name": "exceptd:skill:count",
-        "value": "48"
+        "value": "50"
       },
       {
         "name": "exceptd:integrity:method",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "c33b531131baa65065c83571c6b8e24509ebf8c996f3d4201c1455748a38504a"
+          "content": "8a446d298a41eacd959171a497d67f6f8f5902548cbf552b8840c14b3a3b37ba"
         },
         {
           "alg": "SHA3-512",
-          "content": "654f61a4cd4a95467903a2f2c5b1d1d5d14c16d4b098993fce89d35b51c0f9f3192e8789a5ad887eac75cd90044096b6c3a9341665f663306186bad4edfbe0fc"
+          "content": "69d82952344fadd98667fbf1680aa5696c79a7e79f69a833737ef4d8cc8076bddb09dacb62ffbe2c585ca6055259ce6a53868d38a8eeb3dbe1c008275e317245"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3049953c76658c14f8e4b6f6cfc4eaa717d1ea872b90b46e0d32a0b7b6fab3b5"
+          "content": "9a3d7f16071119255f5bfc892af21e9357770d177a71df8aff3052e30ce543f0"
         },
         {
           "alg": "SHA3-512",
-          "content": "3e0978a7d16170cf31e425b9e945b48a8c8146aad38f246847a2d2deeff41013cc38193ff09afe849eda8b4cfb3bf889522f68b0115d5a5e2676f75d21912aac"
+          "content": "cfbb10e0c10ff6ec6ef73342d90dae4b9bf9e7abbb4858e41cdd9a9ec0ef8b1ba0594b2d082eba9e3a5ae7c930c995c0361abc0667498b573f0e934f5678f13c"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d60ea592639a1c721162bdb8f72b5b12d624cefc90f36b606b7f116353e36b08"
+          "content": "ccad8930d48991c13579c7519033e58d333b2bff9787aed40636fe1a2aaad61a"
         },
         {
           "alg": "SHA3-512",
-          "content": "18a5b34d22cc5b4e43da00c891f30ecb1cc535876dc9de3983b5886bbd9492c3731c3f41688e0d2f6a5d1017331fef97fcfd780f7ef6d5b2a04ce8d61029970c"
+          "content": "cd4421111c438bf97815873a138d5e1dba1d181b7fad8992c3b81bfb3f46379b3034ff59b4a3200850f83042b1236aa648bfae18635fd740fdd4409bcedcace9"
         }
       ]
     },
@@ -281,11 +281,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "d3715b8a3a5fa54d7b5b0176bc6adac8f2ee0113f40b6b9ea96ca63d673b202f"
+          "content": "e0977976ace4e9ae498b2b7a4b3c943eb2fb2eedfb19983ae38d74e1eaf628d2"
         },
         {
           "alg": "SHA3-512",
-          "content": "bf130a643490db459df0adb4cca9b03e116c1524f2940746b13a916ba1d22b90342b5963b0650627669dd07ed12518a149c758afa02ffb7f7fe7962ce87fdb12"
+          "content": "fa48b90fb049a58fd21253b0d8ce1b82de21cb1e2a853a6e89b1ff68ac2a57f0c84738d9dc4a25edc2790890fd9b21f5a8af6f29de5169c480379496bcd32d58"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "11e035b62bf760eb7ea5e408b7364f737f3b3510612d6a65948c8d8ab1085587"
+          "content": "62d9e55c9f887047fd2781ba2e81ad98e3a08ab51e173d0cd3262aee3d5eb940"
         },
         {
           "alg": "SHA3-512",
-          "content": "ecf8f495282ad4302cf058f4a8846afeddfc2cc04ea879b883e995a3b5c9555e292b59dbc8e0679e40678c5212bf9b4c3737c0d8b1c5528fc7fa08c12d63a7b8"
+          "content": "20d9d6754c1967c017abea1e6f7c5d4c60acbb25bbfb9f80ae6b73aaf5d2d838cfb67df680ec9012867e04466ad56ba39e09375c1d0616c6e9b46d14b855d88a"
         }
       ]
     },
@@ -461,11 +461,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "0ed3f7e7eb38c7c6c21335de82fea68a7392de298d7d407fd2ce9f41cd94d87d"
+          "content": "add0916cbecb3c4e0481a544ab1fc6d6b03627f6b2014a4165d28c5e55910cf3"
         },
         {
           "alg": "SHA3-512",
-          "content": "2199f512f25067b732318e1aa8bb4418b50800e5bd8c7cd230da991733ca7ebd388429e1ad15a84708ed0e1b958cb0257fe0c44624b90b136ce4ab73ad787949"
+          "content": "a513e1065f7c644b99eb31d8d08aa15dc3dbfce38ce0171ea121c9b9c96ed5d9086be8d6d0b096a0add570e471462c9587b46298aa9db3c9fb33a81d0d531b3a"
         }
       ]
     },
@@ -551,11 +551,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "042966f4865e4c661f2fb026500e2be880222e6af9183bac89d538e4b05161a0"
+          "content": "d89790d5c22f8c07fa5179431ff843ccffba1a4fc41a1b4f9d6e1b4beb9b3c0d"
         },
         {
           "alg": "SHA3-512",
-          "content": "15ec0e91efdb75874da1e10096c1cb6b0a975ad3a1c9f22dfc82168e9930d44bcca1aae944b3442bcbaf80130d8a8497c0fabf29b7be5e2e98fbb24490f9329e"
+          "content": "0ead245a65ac5305fd611a6d5aeee12a3e0435254c76d5bbe2a62db9128c44c76337774d41ceeaa5c3b619eadfc86dc645ee33a7255515e24feecbf349c48a59"
         }
       ]
     },
@@ -574,6 +574,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/decompression-dos.json",
+      "type": "file",
+      "name": "data/playbooks/decompression-dos.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "8ddb14a525bed58fcbacd10c0ccfab096fd11772d77078dadfd4e43f6055dda7"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "068092f64dcd34576b0fb7ec3ebc1cedae8f98c991bb1190fea5fc1fa34c1de3d7e230b016a509fce30c4e53dda34c798cfd2b4f511a1a6d484e1ab29f1e3ebf"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/framework.json",
       "type": "file",
@@ -581,11 +596,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "81dcd98aca801cccdeb81063af985cc2e87015cc750a42f3f557b35968d7730d"
+          "content": "eae787bda27ade8c99e41de10181ffc8ef917661115066bb199cecc5b4a5dbf3"
         },
         {
           "alg": "SHA3-512",
-          "content": "c27c06699191eb8b08d39a6a2fe02b547f7bb95dca79d07d9e5b02b8a5ccfc5396f20c0d89cc45be3404829baceb505794dc20efda2a3787e52d3a51f036fe30"
+          "content": "0fbcbb7d77022fa4b7d57fdcc747d50d36d1c5403f7db18cfdb65fc491b5330c02a37e78ede6d61d37618b24ad72920e8fa7757cd3c321616503c366cb19b098"
         }
       ]
     },
@@ -679,6 +694,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:data/playbooks/log-injection-telemetry.json",
+      "type": "file",
+      "name": "data/playbooks/log-injection-telemetry.json",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "bf1e61d9bba54722e466d6e2d186137337379c148c82e06380dae24f24a1008b"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "09b0cc1faee50235b7d0d5d2f42f25dbbf288f1ed5310d3bb5660a2b2cefd3b868a506c30335e6b7ab3f2a4b1927b468d1c83c0388607f56aacef0639c70ea8d"
+        }
+      ]
+    },
     {
       "bom-ref": "file:data/playbooks/mail-server-hardening.json",
       "type": "file",
@@ -806,11 +836,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "1bca35c4d562eb32bf3893b3e978396fad102bdb9e2a2b28189f8940ff3e7a56"
+          "content": "468a961bf742b16acc2b0b33836d2c23cab00a137a24f52b6f3c38b10cb8e9de"
         },
         {
           "alg": "SHA3-512",
-          "content": "239148333b803245899425506b76255cfd0327bda7e0339905c62d599f59ede8cfacc37e4f75cecf5c0a8dc9f3122ce010d4bc1b409928bc1198e7e634ba545d"
+          "content": "4ce105608fefd603bb493ad2d02c24279110c39011b5392cf2f218c2db2fbc22c86e3a3d1de24af3bc6319447599557df88be6c728cf8f81af86ad028458f58a"
         }
       ]
     },
@@ -1811,11 +1841,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "58d5adcb2f75841236338793c49b71adbd5662743fbd444b16c349dd26edbd21"
+          "content": "0a7aeedea3de4627ed5e602ad12f7ca954c29dffed57a4d7ba57f0af72410fba"
         },
         {
           "alg": "SHA3-512",
-          "content": "bfbca81d382983435fd8994cb4bed554d56d01008dd5ae6f581c61d00d88a2791087e56cd405ad1e9e7e0255a1ee454562ba6c6276446077a53f97df606e52c8"
+          "content": "12838d29a8aac5fa30d23b143815362bb8852e8f3621252bf15d0eaf774f37edd4c6616f6400e66c719330605cf36e48ee5c3e7ff7960b04b7ddae70f7596983"
         }
       ]
     },
@@ -1826,11 +1856,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "643d612268e8a98f27a0d53e2f749bc81d217ae3c37b47d90075c81d676db09f"
+          "content": "26beb1496ee222282f6c864e802848d8c9d5b4090488ee62f5f7aa2890840494"
         },
         {
           "alg": "SHA3-512",
-          "content": "273e5881d3832a17c574cf1f933219f7f1209593cd5c6cf9e821899594af3f55bf6f4168f1217b8beca2f11483516cfbba46d8d292d10df19761fa512a14201f"
+          "content": "67abe106be4853460aa184d0a19821438db687b80a774bda7b4dfb6d4c0392192c75b59593c1d09930629512b52c475d85297f0571b2e2614fc2af5211b1d957"
         }
       ]
     },
@@ -1841,11 +1871,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "9156c60052b185a8d265bbb53d586ed6be9b1387b2aa2cdb77186bed997d5fbd"
+          "content": "2833faf5965d078166553874a1bf42b944e2ff4d1738eddf50806eaba56e1eb7"
         },
         {
           "alg": "SHA3-512",
-          "content": "3f1fefe1ff7236635e00a4e92886980f747fe546827fa134ac122cf276cf09420778d051b6f736ced0c5d9592300a41c7aeced7ddf584ec6f1f47c662307cff5"
+          "content": "e548f6dc97746b9f842e0e3a5567b5eb42bd19cf6eae31b4817029514b0e842047c84c6c5d62d5667e80a03757230ce0e10778980bd9a1ec991e9dc9444a264d"
         }
       ]
     },
@@ -2824,6 +2854,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/decompression-dos/skill.md",
+      "type": "file",
+      "name": "skills/decompression-dos/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "53fd0a90ccc0e7ac6056e9c9fd40f3ab3342d30739399079b5e644eef6405d88"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "f8f1a70fc4ee809300c1b5da98548463d732f7a27b0e49d0776f197f4aefaf7d6106da411259c5bdea6a17d76c6b52579b58677bad05b312c622e7e83cf7b6ab"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/defensive-countermeasure-mapping/skill.md",
       "type": "file",
@@ -2989,6 +3034,21 @@
         }
       ]
     },
+    {
+      "bom-ref": "file:skills/log-injection-telemetry/skill.md",
+      "type": "file",
+      "name": "skills/log-injection-telemetry/skill.md",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "69c4e65c6f78703b923c2455a5ecf5a6d79fcc28d56fff57acb2605639231104"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "5bc5fb49f8c899647a1dea53c657f96a712b7c1e2dc20416152a3a28a9573fd46201310514f4c64c0495519bf24247477fff59083e7f920dfe7ea77bfa2ff8d6"
+        }
+      ]
+    },
     {
       "bom-ref": "file:skills/mail-server-hardening/skill.md",
       "type": "file",

package/skills/decompression-dos/skill.md

@@ -0,0 +1,83 @@
+---
+name: decompression-dos
+version: "1.0.0"
+description: Decompression-bomb, parser-DoS, and ReDoS resistance for mid-2026 — decompression size/ratio caps, Zip Slip path confinement, XML entity-expansion disabling, linear-time regex on untrusted input, parse-depth limits, and length-field allocation bounds against single-input amplification denial of service
+triggers:
+  - decompression bomb
+  - zip bomb
+  - zip slip
+  - redos
+  - regular expression denial of service
+  - catastrophic backtracking
+  - billion laughs
+  - xml entity expansion
+  - xxe
+  - parser dos
+  - resource exhaustion
+  - amplification attack
+  - nested archive
+  - recursion depth
+  - length field allocation
+  - input amplification
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1499
+  - T1499.001
+  - T1059
+framework_gaps:
+  - NIST-800-53-SI-2
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-409
+  - CWE-1333
+  - CWE-400
+  - CWE-776
+  - CWE-22
+  - CWE-834
+  - CWE-770
+last_threat_review: "2026-06-02"
+---
+
+# Decompression-Bomb / Parser-DoS / ReDoS Resistance
+
+## Threat Context (mid-2026)
+
+Amplification denial of service turns a tiny, structurally-valid input into ruinous server work. A 42 KB zip bomb expands to petabytes; a few lines of nested XML entities expand to gigabytes (the billion-laughs attack); a crafted string pins a CPU core for seconds-to-minutes on a backtracking regular expression (ReDoS); a binary parser that reads a declared 2 GB length field allocates a 2 GB buffer from a 10-byte message. A Zip Slip archive entry named `../../x` escapes the extraction directory to overwrite a binary on the execution path. Input-format validation passes all of these because each input is valid — the amplification lives in how it is processed, not in its shape. The defence is a resource bound at the parser, not validation or autoscaling.
+
+## Framework Lag Declaration
+
+Organisational controls treat "we validate all input" and "the cloud autoscales" as denial-of-service protection. NIST 800-53 SI-10 (information input validation) is satisfied by validating format and does not require bounding decompression ratio, entity expansion, or regex complexity. SC-5 (denial-of-service protection) is framed at the network tier and is not operationalised for single-request, asymmetric application-layer DoS. A clean "we validate input / have a WAF / autoscale" audit is therefore NON-EVIDENCE for amplification-DoS resistance; it confirms format validation and elastic infra, not the decompression caps, entity disabling, regex-complexity bounds, parse-depth limits, and length-field allocation bounds that actually stop a single crafted input from exhausting the instance.
+
+## TTP Mapping
+
+The amplification-DoS failures map to MITRE ATT&CK: **T1499 (Endpoint Denial of Service)** for ReDoS and circuit-style resource exhaustion; **T1499.001 (OS Exhaustion Flood)** for decompression bombs, billion-laughs entity expansion, deep-recursion parsing, and length-field over-allocation that exhaust memory/CPU from a single input; and **T1059 (Command/Execution)** for Zip Slip path traversal that overwrites an executable or config to gain code execution. The weakness classes are CWE-409 (improper handling of highly compressed data), CWE-1333 (inefficient regular expression complexity / ReDoS), CWE-776 (XML entity expansion), CWE-834 (excessive iteration / unbounded recursion), CWE-22 (path traversal — Zip Slip), CWE-400 (uncontrolled resource consumption), and CWE-770 (allocation without limits).
+
+## Exploit Availability Matrix
+
+These are processing-bound gaps exploited by a single small input, so the exploit is the absent bound, not a published CVE. Zip bombs (42.zip), billion-laughs XML, and ReDoS strings are public, well-documented, and trivially reproduced; Zip Slip has public proof-of-concept archives. None require a network position beyond an endpoint that accepts an upload or a string. The real-world priority is set by whether the ingest is internet-facing and whether a single crafted input can exhaust the whole instance (one-shot DoS) or, for Zip Slip, write outside the extraction target — the latter escalating from DoS to arbitrary file write and code execution.
+
+## Analysis Procedure
+
+1. Enumerate every code path that decompresses an archive, parses XML/JSON/CBOR/protobuf/ASN.1/MIME, or applies a regex to attacker-suppliable input. 2. Confirm decompression caps total output size and per-entry ratio, and caps cumulative output + recursion depth for nested archives. 3. Confirm archive extraction normalises and confines each entry path within the target (Zip Slip). 4. Confirm the XML parser disables DTDs and external/general entities. 5. Confirm regexes on untrusted input are linear-time (RE2) or length-capped with no catastrophic-backtracking patterns. 6. Confirm structured parsers enforce a maximum nesting depth and validate declared length/count fields against remaining input before allocating. Run the `decompression-dos` playbook to execute these as detect indicators with false-positive checks, then score by internet-reachability and one-shot-exhaustion potential.
+
+## Output Format
+
+Report per parser/decompression path, marking each resource bound enforced / missing / inconclusive (visibility gap). For every missing bound, state whether the ingest is internet-facing and whether a single crafted input could exhaust the instance (or, for Zip Slip, write outside the target). Distinguish a bound enforced at a lower layer (streaming runtime, RE2 engine, size-limited proxy) from an absent one, and a path that ingests only trusted fixed-size input from one that ingests attacker input. Provide the prioritised remediation (cap decompression size/ratio/nesting, confine extraction paths, disable XML entities, bound regex complexity, limit parse depth + length-field allocation) and the negative validation tests (zip bomb rejected, Zip Slip rejected, billion-laughs rejected, ReDoS bounded) plus a functional test that legitimate inputs still parse.
+
+## Compliance Theater Check
+
+The recurring theater is "we validate all input, so malformed data is handled," "our WAF blocks malicious uploads," and "the service autoscales, so resource exhaustion is handled." Format validation does not bound amplification; a zip bomb and a ReDoS string are structurally valid and small, so a WAF rarely catches them; autoscaling pays for the amplification without stopping it. The distinguishing test: feed a zip bomb, a billion-laughs XML, and a ReDoS string. If any expands unbounded, pins a CPU, or allocates from a declared length, validation, the WAF, and autoscaling did not bound the amplification, and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: decompression size/ratio caps and length-field bounds realise Resource Consumption Limiting and Input-Size Restriction (countering T1499.001); XML entity disabling realises Document Parser Hardening (countering billion-laughs / XXE); linear-time regex realises Algorithmic-Complexity Limiting (countering ReDoS / T1499); extraction path confinement realises Path-Traversal Prevention (countering Zip Slip / T1059); parse-depth limits realise Recursion Bounding. Pair the static bounds with continuous coverage-guided fuzzing (the fuzz-testing-strategy skill) as the regression control for novel amplification inputs. The residual risk after bounding the known classes is an unforeseen pathological input, caught by the fuzzer rather than the caps, accepted at the CISO level.

package/skills/log-injection-telemetry/skill.md

@@ -0,0 +1,80 @@
+---
+name: log-injection-telemetry
+version: "1.0.0"
+description: Telemetry-pipeline integrity for mid-2026 — CR/LF log-injection neutralization across every sink, secret/PII redaction before shipping, authenticated metrics endpoints, and exporter destination allowlisting, secret-store credentials, verified TLS, and webhook SSRF guarding
+triggers:
+  - log injection
+  - crlf injection
+  - log forging
+  - telemetry integrity
+  - secrets in logs
+  - log redaction
+  - metrics endpoint exposure
+  - prometheus exposure
+  - otlp exporter
+  - cloudwatch
+  - webhook sink
+  - exporter ssrf
+  - observability security
+  - log sink
+  - telemetry exfiltration
+discovery_mode: standalone
+data_deps:
+  - cve-catalog.json
+  - atlas-ttps.json
+  - attack-techniques.json
+  - framework-control-gaps.json
+  - cwe-catalog.json
+  - rfc-references.json
+atlas_refs: []
+attack_refs:
+  - T1565.001
+  - T1530
+  - T1213
+framework_gaps:
+  - NIST-800-53-SI-2
+  - ISO-27001-2022-A.8.15
+  - NIS2-Art21-network-security
+  - UK-CAF-B4
+  - AU-ISM-1556
+cwe_refs:
+  - CWE-117
+  - CWE-532
+  - CWE-918
+  - CWE-200
+last_threat_review: "2026-06-02"
+---
+
+# Telemetry-Pipeline Integrity (Log Injection + Sink Confidentiality)
+
+## Threat Context (mid-2026)
+
+The telemetry pipeline is both an integrity target and a confidentiality leak that "we centralize all logs" does not address. Integrity: un-sanitized CR/LF in interpolated log values lets an attacker forge or split log entries — injecting fake lines, breaking the log parser, or hiding their own actions — corrupting the observability record incident response depends on. Confidentiality: secrets and PII logged without a redaction pass persist in every downstream sink (SIEM, cloud log service); an unauthenticated /metrics or debug endpoint leaks internal topology and operational state; exporters (OTLP, CloudWatch, webhook) that ship to un-inventoried or input-derived destinations become exfiltration and SSRF channels; embedded sink credentials and plaintext export widen the exposure. These are pipeline-posture gaps, not log-volume gaps.
+
+## Framework Lag Declaration
+
+Organisational logging controls require events be recorded, centralized, and access-controlled. NIST 800-53 AU-9 (protection of audit information) is attested by access controls on the log store and does not address CR/LF log injection that forges entries before they reach the store. SI-11 (error handling / output neutralization) is named generally but not operationalised as per-sink CR/LF neutralization or secret redaction. ISO 27001 A.8.15 is met with "we log and protect logs." None address telemetry-exporter egress, SSRF, or unauthenticated metrics. A clean "we centralize logs to a SIEM with access controls" audit is therefore NON-EVIDENCE for telemetry-pipeline integrity; it confirms log presence and store ACLs, not neutralization, redaction, metrics auth, or exporter posture.
+
+## TTP Mapping
+
+The telemetry-pipeline failures map to MITRE ATT&CK: **T1565.001 (Stored Data Manipulation)** for CR/LF log forging that rewrites or splits the audit record; **T1530 (Data from Cloud Storage / shipped telemetry)** for secrets/PII leaking through logs, exporter exfiltration, and webhook-sink SSRF reaching internal services; and **T1213 (Data from Information Repositories)** for an unauthenticated metrics/debug endpoint disclosing internal state. The weakness classes are CWE-117 (improper output neutralization for logs — log injection), CWE-532 (insertion of sensitive information into log files), CWE-918 (server-side request forgery — exporter/webhook egress), and CWE-200 (exposure of sensitive information — unauthenticated metrics).
+
+## Exploit Availability Matrix
+
+These are pipeline-posture gaps, so the exploit is the absent control. CR/LF log injection requires only a request field that reaches a line-oriented sink un-neutralized — trivially reproduced. Secrets in logs are harvested wherever the logs land. An unauthenticated /metrics is a single unauthenticated GET. A webhook sink pointed at the cloud metadata endpoint is an SSRF with commodity payloads. The real-world priority is set by whether secrets/PII leak across every downstream sink (credential/PII breach), whether the audit record can be forged (defeating incident response), or whether the telemetry process can be turned into an SSRF channel to the internal network or metadata service.
+
+## Analysis Procedure
+
+1. Enumerate every log/trace/metric sink and exporter, and every metrics/debug endpoint. 2. Confirm each sink neutralizes CR/LF + control characters in interpolated values (or uses a structured format that cannot be line-split) — note any sink other than syslog that does not. 3. Confirm a redaction pass strips secrets/PII before values reach any sink. 4. Confirm metrics/debug endpoints require authentication or are bound to a private scrape network. 5. Confirm exporter destinations are an inventoried allowlist (not input-derived), credentials come from a secret store, and export uses verified TLS. 6. Confirm webhook sinks allowlist their URL and refuse private/link-local/metadata addresses. Run the `log-injection-telemetry` playbook to execute these as detect indicators with false-positive checks, then score by leakage breadth, audit-record corruptibility, and SSRF reach.
+
+## Output Format
+
+Report per sink/exporter/endpoint, marking each control enforced / missing / inconclusive (visibility gap). For every missing control, state whether it leaks secrets/PII across sinks, allows forging the audit record, or enables exfil/SSRF from the telemetry process, and whether the surface is internet-reachable. Distinguish a control enforced at a lower layer (a sanitizing collector/sidecar, a private scrape network) from an absent one. Provide the prioritised remediation (neutralize CR/LF + redact per sink, authenticate/private metrics, allowlist exporters with secret-store credentials over verified TLS, SSRF-guard webhook sinks) and the negative validation tests (CR/LF neutralized, secret redacted, metrics requires auth, webhook SSRF blocked) plus a functional test that legitimate telemetry still flows.
+
+## Compliance Theater Check
+
+The recurring theater is "we centralize all logs to a SIEM, so logging is handled," "the log store has access controls, so logs are protected," and "our metrics are internal-only." Centralization is not integrity or confidentiality; store ACLs do not stop injection at write time; an "internal" /metrics is often reachable via a default all-interfaces bind or an exposed ingress. The distinguishing test: inject CR/LF into a logged value and check for a forged line; log a secret and check redaction; reach /metrics unauthenticated; inspect exporter destinations, credentials, and TLS. If forging, secret leakage, or exfil/SSRF succeeds, centralization did not protect the pipeline and the assurance is paper.
+
+## Defensive Countermeasure Mapping
+
+Map findings to MITRE D3FEND: per-sink CR/LF neutralization realises Message Encoding / Output Neutralization (countering T1565.001 log forging); secret/PII redaction realises Sensitive-Data Scrubbing (countering T1530 leakage); metrics-endpoint authentication realises Network Traffic Filtering and Authentication Enforcement (countering T1213 disclosure); exporter destination allowlisting, secret-store credentials, verified TLS, and webhook SSRF guards realise Outbound Traffic Filtering and Resolution-Trust (countering T1530 exfil / SSRF). Pair the redaction pass with the dlp-gap-analysis skill for the broader data-egress picture, without duplicating its LLM/RAG focus. The residual risk is the inherent sensitivity of telemetry held in a legitimate access-controlled store, accepted at the CISO level.