@blamejs/exceptd-skills 0.16.16 → 0.16.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +3 -0
- package/data/_indexes/_meta.json +16 -14
- package/data/_indexes/activity-feed.json +17 -3
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/chains.json +26271 -1538
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +154 -92
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +9 -3
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +80 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +91 -0
- package/data/_indexes/xref.json +41 -3
- package/data/cwe-catalog.json +75 -3
- package/data/playbooks/audit-log-integrity.json +3 -0
- package/data/playbooks/crypto-codebase.json +31 -8
- package/data/playbooks/decompression-dos.json +626 -0
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/log-injection-telemetry.json +619 -0
- package/data/playbooks/secrets.json +1 -0
- package/manifest-snapshot.json +107 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +163 -50
- package/package.json +2 -2
- package/sbom.cdx.json +94 -34
- package/skills/decompression-dos/skill.md +83 -0
- package/skills/log-injection-telemetry/skill.md +80 -0
package/data/cwe-catalog.json
CHANGED
|
@@ -88,6 +88,7 @@
|
|
|
88
88
|
"skills_referencing": [
|
|
89
89
|
"api-security",
|
|
90
90
|
"attack-surface-pentest",
|
|
91
|
+
"decompression-dos",
|
|
91
92
|
"mail-server-hardening",
|
|
92
93
|
"mcp-agent-trust",
|
|
93
94
|
"webapp-security"
|
|
@@ -534,6 +535,7 @@
|
|
|
534
535
|
"api-security",
|
|
535
536
|
"cloud-security",
|
|
536
537
|
"dlp-gap-analysis",
|
|
538
|
+
"log-injection-telemetry",
|
|
537
539
|
"sector-healthcare",
|
|
538
540
|
"vc-wallet-trust",
|
|
539
541
|
"webapp-security"
|
|
@@ -1911,6 +1913,7 @@
|
|
|
1911
1913
|
"skills_referencing": [
|
|
1912
1914
|
"api-security",
|
|
1913
1915
|
"attack-surface-pentest",
|
|
1916
|
+
"log-injection-telemetry",
|
|
1914
1917
|
"mcp-agent-trust",
|
|
1915
1918
|
"network-trust",
|
|
1916
1919
|
"sector-telecom",
|
|
@@ -3071,6 +3074,7 @@
|
|
|
3071
3074
|
"_auto_imported": true,
|
|
3072
3075
|
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
|
|
3073
3076
|
"skills_referencing": [
|
|
3077
|
+
"decompression-dos",
|
|
3074
3078
|
"mail-server-hardening",
|
|
3075
3079
|
"multitenancy-isolation"
|
|
3076
3080
|
]
|
|
@@ -3386,7 +3390,10 @@
|
|
|
3386
3390
|
"last_verified": "2026-05-19",
|
|
3387
3391
|
"notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
|
|
3388
3392
|
"_auto_imported": true,
|
|
3389
|
-
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
|
|
3393
|
+
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
|
|
3394
|
+
"skills_referencing": [
|
|
3395
|
+
"log-injection-telemetry"
|
|
3396
|
+
]
|
|
3390
3397
|
},
|
|
3391
3398
|
"CWE-539": {
|
|
3392
3399
|
"id": "CWE-539",
|
|
@@ -3780,6 +3787,7 @@
|
|
|
3780
3787
|
"_auto_imported": true,
|
|
3781
3788
|
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
|
|
3782
3789
|
"skills_referencing": [
|
|
3790
|
+
"decompression-dos",
|
|
3783
3791
|
"multitenancy-isolation"
|
|
3784
3792
|
]
|
|
3785
3793
|
},
|
|
@@ -3819,7 +3827,10 @@
|
|
|
3819
3827
|
"last_verified": "2026-05-19",
|
|
3820
3828
|
"notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
|
|
3821
3829
|
"_auto_imported": true,
|
|
3822
|
-
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
|
|
3830
|
+
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
|
|
3831
|
+
"skills_referencing": [
|
|
3832
|
+
"decompression-dos"
|
|
3833
|
+
]
|
|
3823
3834
|
},
|
|
3824
3835
|
"CWE-778": {
|
|
3825
3836
|
"id": "CWE-778",
|
|
@@ -3879,7 +3890,10 @@
|
|
|
3879
3890
|
"last_verified": "2026-05-19",
|
|
3880
3891
|
"notes": "Bulk-imported v0.13.18 from the canonical MITRE Top 25 + commonly-referenced-class expansion.",
|
|
3881
3892
|
"_auto_imported": true,
|
|
3882
|
-
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated"
|
|
3893
|
+
"_intake_method": "v0.13.18-bulk-mitre-cwe-curated",
|
|
3894
|
+
"skills_referencing": [
|
|
3895
|
+
"decompression-dos"
|
|
3896
|
+
]
|
|
3883
3897
|
},
|
|
3884
3898
|
"CWE-835": {
|
|
3885
3899
|
"id": "CWE-835",
|
|
@@ -4554,5 +4568,63 @@
|
|
|
4554
4568
|
"CVE-2023-51765",
|
|
4555
4569
|
"CVE-2023-51766"
|
|
4556
4570
|
]
|
|
4571
|
+
},
|
|
4572
|
+
"CWE-409": {
|
|
4573
|
+
"id": "CWE-409",
|
|
4574
|
+
"name": "Improper Handling of Highly Compressed Data (Data Amplification)",
|
|
4575
|
+
"abstraction": "Base",
|
|
4576
|
+
"category": "Resource Management",
|
|
4577
|
+
"description": "The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. MITRE-canonical; full text at https://cwe.mitre.org/data/definitions/409.html. Backs the decompression-bomb / zip-bomb / nested-archive class (no decompressed-size or ratio cap).",
|
|
4578
|
+
"top_25_rank_2024": null,
|
|
4579
|
+
"top_25_rank_2025": null,
|
|
4580
|
+
"view_memberships": [
|
|
4581
|
+
"CWE-1000"
|
|
4582
|
+
],
|
|
4583
|
+
"related_attack_patterns_capec": [
|
|
4584
|
+
"CAPEC-197"
|
|
4585
|
+
],
|
|
4586
|
+
"skills_referencing": [
|
|
4587
|
+
"decompression-dos"
|
|
4588
|
+
],
|
|
4589
|
+
"evidence_cves": []
|
|
4590
|
+
},
|
|
4591
|
+
"CWE-1333": {
|
|
4592
|
+
"id": "CWE-1333",
|
|
4593
|
+
"name": "Inefficient Regular Expression Complexity",
|
|
4594
|
+
"abstraction": "Base",
|
|
4595
|
+
"category": "Resource Management",
|
|
4596
|
+
"description": "The product uses a regular expression with inefficient, possibly exponential worst-case complexity on a value that can be controlled by an actor, enabling catastrophic backtracking (ReDoS). MITRE-canonical; full text at https://cwe.mitre.org/data/definitions/1333.html.",
|
|
4597
|
+
"top_25_rank_2024": null,
|
|
4598
|
+
"top_25_rank_2025": null,
|
|
4599
|
+
"view_memberships": [
|
|
4600
|
+
"CWE-1000"
|
|
4601
|
+
],
|
|
4602
|
+
"related_attack_patterns_capec": [
|
|
4603
|
+
"CAPEC-492"
|
|
4604
|
+
],
|
|
4605
|
+
"skills_referencing": [
|
|
4606
|
+
"decompression-dos"
|
|
4607
|
+
],
|
|
4608
|
+
"evidence_cves": []
|
|
4609
|
+
},
|
|
4610
|
+
"CWE-117": {
|
|
4611
|
+
"id": "CWE-117",
|
|
4612
|
+
"name": "Improper Output Neutralization for Logs",
|
|
4613
|
+
"abstraction": "Base",
|
|
4614
|
+
"category": "Injection",
|
|
4615
|
+
"description": "The product does not neutralize or incorrectly neutralizes output that is written to logs. MITRE-canonical; full text at https://cwe.mitre.org/data/definitions/117.html. Backs the CRLF log-injection / log-forging class on telemetry sinks (forged or split log entries via un-sanitized control characters).",
|
|
4616
|
+
"top_25_rank_2024": null,
|
|
4617
|
+
"top_25_rank_2025": null,
|
|
4618
|
+
"view_memberships": [
|
|
4619
|
+
"CWE-1000"
|
|
4620
|
+
],
|
|
4621
|
+
"related_attack_patterns_capec": [
|
|
4622
|
+
"CAPEC-93",
|
|
4623
|
+
"CAPEC-268"
|
|
4624
|
+
],
|
|
4625
|
+
"skills_referencing": [
|
|
4626
|
+
"log-injection-telemetry"
|
|
4627
|
+
],
|
|
4628
|
+
"evidence_cves": []
|
|
4557
4629
|
}
|
|
4558
4630
|
}
|
|
@@ -57,6 +57,9 @@
|
|
|
57
57
|
"playbook_id": "secrets",
|
|
58
58
|
"condition": "analyze.classification == 'detected'"
|
|
59
59
|
}
|
|
60
|
+
],
|
|
61
|
+
"fed_by": [
|
|
62
|
+
"decompression-dos"
|
|
60
63
|
]
|
|
61
64
|
},
|
|
62
65
|
"domain": {
|
|
@@ -959,7 +962,11 @@
|
|
|
959
962
|
"api_stability_promise_permits_default_change == true OR major_version_bump_planned == true"
|
|
960
963
|
],
|
|
961
964
|
"priority": 1,
|
|
962
|
-
"for_signals": [
|
|
965
|
+
"for_signals": [
|
|
966
|
+
"no-ml-kem-implementation",
|
|
967
|
+
"rsa-1024-anywhere",
|
|
968
|
+
"tls-old-protocol"
|
|
969
|
+
],
|
|
963
970
|
"compensating_controls": [
|
|
964
971
|
"config_flag_for_classical_only_fallback_with_deprecation_warning",
|
|
965
972
|
"downstream_consumer_migration_guide_published"
|
|
@@ -974,7 +981,9 @@
|
|
|
974
981
|
"downstream_consumer_compat_path_planned == true"
|
|
975
982
|
],
|
|
976
983
|
"priority": 2,
|
|
977
|
-
"for_signals": [
|
|
984
|
+
"for_signals": [
|
|
985
|
+
"ecdsa-without-pqc-roadmap"
|
|
986
|
+
],
|
|
978
987
|
"compensating_controls": [
|
|
979
988
|
"dual_signature_envelope_during_migration",
|
|
980
989
|
"explicit_algorithm_identifier_in_signed_payload"
|
|
@@ -988,7 +997,10 @@
|
|
|
988
997
|
"weak_hash_call_sites_inventoried == true"
|
|
989
998
|
],
|
|
990
999
|
"priority": 3,
|
|
991
|
-
"for_signals": [
|
|
1000
|
+
"for_signals": [
|
|
1001
|
+
"weak-hash-import",
|
|
1002
|
+
"weak-cipher-mode"
|
|
1003
|
+
],
|
|
992
1004
|
"compensating_controls": [
|
|
993
1005
|
"deprecation_warning_emitted_when_legacy_hash_method_invoked",
|
|
994
1006
|
"telemetry_to_track_legacy_method_consumer_usage"
|
|
@@ -1003,7 +1015,10 @@
|
|
|
1003
1015
|
"performance_regression_acceptable_in_current_release == true"
|
|
1004
1016
|
],
|
|
1005
1017
|
"priority": 4,
|
|
1006
|
-
"for_signals": [
|
|
1018
|
+
"for_signals": [
|
|
1019
|
+
"pbkdf2-under-iterated",
|
|
1020
|
+
"bcrypt-cost-low"
|
|
1021
|
+
],
|
|
1007
1022
|
"compensating_controls": [
|
|
1008
1023
|
"kdf_parameter_floor_enforced_at_runtime_not_just_default",
|
|
1009
1024
|
"consumer_documentation_about_password_rehash_on_login_for_legacy_storage"
|
|
@@ -1017,7 +1032,9 @@
|
|
|
1017
1032
|
"rng_call_sites_inventoried == true"
|
|
1018
1033
|
],
|
|
1019
1034
|
"priority": 5,
|
|
1020
|
-
"for_signals": [
|
|
1035
|
+
"for_signals": [
|
|
1036
|
+
"math-random-in-security-path"
|
|
1037
|
+
],
|
|
1021
1038
|
"compensating_controls": [
|
|
1022
1039
|
"linter_rule_added_to_ci",
|
|
1023
1040
|
"data_flow_analysis_for_residual_paths"
|
|
@@ -1031,7 +1048,9 @@
|
|
|
1031
1048
|
"fips_provider_available_in_target_dep == true"
|
|
1032
1049
|
],
|
|
1033
1050
|
"priority": 6,
|
|
1034
|
-
"for_signals": [
|
|
1051
|
+
"for_signals": [
|
|
1052
|
+
"fips-claim-without-runtime-activation"
|
|
1053
|
+
],
|
|
1035
1054
|
"compensating_controls": [
|
|
1036
1055
|
"fips_runtime_assertion_in_init_path",
|
|
1037
1056
|
"ci_job_running_against_fips_provider_config"
|
|
@@ -1045,7 +1064,9 @@
|
|
|
1045
1064
|
"vendored_crypto_inventoried == true"
|
|
1046
1065
|
],
|
|
1047
1066
|
"priority": 7,
|
|
1048
|
-
"for_signals": [
|
|
1067
|
+
"for_signals": [
|
|
1068
|
+
"vendored-pqc-no-provenance"
|
|
1069
|
+
],
|
|
1049
1070
|
"compensating_controls": [
|
|
1050
1071
|
"vendored_copy_pinned_to_release_tag_not_branch",
|
|
1051
1072
|
"automated_upstream_security_advisory_subscription"
|
|
@@ -1059,7 +1080,9 @@
|
|
|
1059
1080
|
"api_change_acceptable_in_next_major == true"
|
|
1060
1081
|
],
|
|
1061
1082
|
"priority": 8,
|
|
1062
|
-
"for_signals": [
|
|
1083
|
+
"for_signals": [
|
|
1084
|
+
"no-crypto-agility-abstraction"
|
|
1085
|
+
],
|
|
1063
1086
|
"compensating_controls": [
|
|
1064
1087
|
"deprecation_path_for_old_api",
|
|
1065
1088
|
"migration_guide_published"
|