@blamejs/exceptd-skills 0.16.17 → 0.16.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +3 -1
- package/data/_indexes/_meta.json +17 -15
- package/data/_indexes/activity-feed.json +17 -3
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/chains.json +14784 -1833
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +138 -86
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +9 -3
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +77 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +93 -0
- package/data/_indexes/xref.json +38 -7
- package/data/cwe-catalog.json +35 -4
- package/data/playbooks/audit-log-integrity.json +3 -0
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/log-injection-telemetry.json +619 -0
- package/data/playbooks/privacy-consent-ops.json +605 -0
- package/data/playbooks/secrets.json +1 -0
- package/manifest-snapshot.json +104 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +161 -51
- package/package.json +2 -2
- package/sbom.cdx.json +92 -32
- package/skills/log-injection-telemetry/skill.md +80 -0
- package/skills/privacy-consent-ops/skill.md +80 -0
package/sbom.cdx.json
CHANGED
|
@@ -1,23 +1,23 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.6",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:6bc84615-0603-46c8-a498-a0dc5a399034",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "
|
|
7
|
+
"timestamp": "2083-04-21T06:00:53.000Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "blamejs",
|
|
11
11
|
"name": "scripts/refresh-sbom.js",
|
|
12
|
-
"version": "0.16.
|
|
12
|
+
"version": "0.16.19"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
|
-
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.
|
|
16
|
+
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.19",
|
|
17
17
|
"type": "application",
|
|
18
18
|
"name": "@blamejs/exceptd-skills",
|
|
19
|
-
"version": "0.16.
|
|
20
|
-
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation.
|
|
19
|
+
"version": "0.16.19",
|
|
20
|
+
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
21
21
|
"licenses": [
|
|
22
22
|
{
|
|
23
23
|
"license": {
|
|
@@ -25,17 +25,17 @@
|
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
],
|
|
28
|
-
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.
|
|
28
|
+
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.19",
|
|
29
29
|
"hashes": [
|
|
30
30
|
{
|
|
31
31
|
"alg": "SHA-256",
|
|
32
|
-
"content": "
|
|
32
|
+
"content": "a3b2fa14f7bfa9c8fb46f2cde3b8d077ce5b31e87455aa938b788c7409e56def"
|
|
33
33
|
}
|
|
34
34
|
],
|
|
35
35
|
"externalReferences": [
|
|
36
36
|
{
|
|
37
37
|
"type": "distribution",
|
|
38
|
-
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.
|
|
38
|
+
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.19"
|
|
39
39
|
},
|
|
40
40
|
{
|
|
41
41
|
"type": "vcs",
|
|
@@ -54,7 +54,7 @@
|
|
|
54
54
|
},
|
|
55
55
|
{
|
|
56
56
|
"name": "exceptd:skill:count",
|
|
57
|
-
"value": "
|
|
57
|
+
"value": "51"
|
|
58
58
|
},
|
|
59
59
|
{
|
|
60
60
|
"name": "exceptd:integrity:method",
|
|
@@ -86,11 +86,11 @@
|
|
|
86
86
|
"hashes": [
|
|
87
87
|
{
|
|
88
88
|
"alg": "SHA-256",
|
|
89
|
-
"content": "
|
|
89
|
+
"content": "4740bf09effd467a73a8e83ecebab2b70ef6a3c1d67bcf8ec136acb7dcb5544c"
|
|
90
90
|
},
|
|
91
91
|
{
|
|
92
92
|
"alg": "SHA3-512",
|
|
93
|
-
"content": "
|
|
93
|
+
"content": "97916b726fca2bac91639fad98c8793298259cbb7a90cf4e7afcdd5a4f9fd12b48af6520e7e7d0021fb99705c213a02cf583555c4b0aa9f091c3f5d26d12da9e"
|
|
94
94
|
}
|
|
95
95
|
]
|
|
96
96
|
},
|
|
@@ -116,11 +116,11 @@
|
|
|
116
116
|
"hashes": [
|
|
117
117
|
{
|
|
118
118
|
"alg": "SHA-256",
|
|
119
|
-
"content": "
|
|
119
|
+
"content": "ca60373ee55644311ead97a32ed797b010b27bc0965c69107bac882bec7ee569"
|
|
120
120
|
},
|
|
121
121
|
{
|
|
122
122
|
"alg": "SHA3-512",
|
|
123
|
-
"content": "
|
|
123
|
+
"content": "c1afb76a548ea3a5fbc54866d15776b5501f1d04f47261491e7eeaced2945ce5e3d6977f2b3265897b3ee5bf306da2c2898e8670d0cc0f36bc0e2786dfd86139"
|
|
124
124
|
}
|
|
125
125
|
]
|
|
126
126
|
},
|
|
@@ -176,11 +176,11 @@
|
|
|
176
176
|
"hashes": [
|
|
177
177
|
{
|
|
178
178
|
"alg": "SHA-256",
|
|
179
|
-
"content": "
|
|
179
|
+
"content": "81ca9d3388220ac98069b35a594e915e6a6c95f047467f26d75d89d0c917684c"
|
|
180
180
|
},
|
|
181
181
|
{
|
|
182
182
|
"alg": "SHA3-512",
|
|
183
|
-
"content": "
|
|
183
|
+
"content": "cd0bed4f8dd100c272b20d7aecad64d09b9d65dc07551aec2f61ee20aae55978cf1c300ede8bac15d10ed9bbf8ea180aa48dfe3d951497527ee17440da1a696f"
|
|
184
184
|
}
|
|
185
185
|
]
|
|
186
186
|
},
|
|
@@ -281,11 +281,11 @@
|
|
|
281
281
|
"hashes": [
|
|
282
282
|
{
|
|
283
283
|
"alg": "SHA-256",
|
|
284
|
-
"content": "
|
|
284
|
+
"content": "9bcb27a03b259ed458da11b2d8396a1cada67c3c5b3d258945ee2eb031dd3069"
|
|
285
285
|
},
|
|
286
286
|
{
|
|
287
287
|
"alg": "SHA3-512",
|
|
288
|
-
"content": "
|
|
288
|
+
"content": "08c6edcbf777a74bf40f5907a279ebbbce8a886498dfaf37700749609cae23a120061a9f86b0f700f5218d046dfed318445997099f69771ed15b40c8009536e0"
|
|
289
289
|
}
|
|
290
290
|
]
|
|
291
291
|
},
|
|
@@ -341,11 +341,11 @@
|
|
|
341
341
|
"hashes": [
|
|
342
342
|
{
|
|
343
343
|
"alg": "SHA-256",
|
|
344
|
-
"content": "
|
|
344
|
+
"content": "feadd8497221c097d8237fb93d9557c4dbdd70434097da8debd6f5e50ede1b24"
|
|
345
345
|
},
|
|
346
346
|
{
|
|
347
347
|
"alg": "SHA3-512",
|
|
348
|
-
"content": "
|
|
348
|
+
"content": "97119842846c95f910bb1b9ef9ba9b36ebe5d9abe4461c22f9d2ccfda676082d606e2348535416da6e14841ffe4173a0b7399f64adbae9829a2e00eed32ec3c2"
|
|
349
349
|
}
|
|
350
350
|
]
|
|
351
351
|
},
|
|
@@ -461,11 +461,11 @@
|
|
|
461
461
|
"hashes": [
|
|
462
462
|
{
|
|
463
463
|
"alg": "SHA-256",
|
|
464
|
-
"content": "
|
|
464
|
+
"content": "add0916cbecb3c4e0481a544ab1fc6d6b03627f6b2014a4165d28c5e55910cf3"
|
|
465
465
|
},
|
|
466
466
|
{
|
|
467
467
|
"alg": "SHA3-512",
|
|
468
|
-
"content": "
|
|
468
|
+
"content": "a513e1065f7c644b99eb31d8d08aa15dc3dbfce38ce0171ea121c9b9c96ed5d9086be8d6d0b096a0add570e471462c9587b46298aa9db3c9fb33a81d0d531b3a"
|
|
469
469
|
}
|
|
470
470
|
]
|
|
471
471
|
},
|
|
@@ -596,11 +596,11 @@
|
|
|
596
596
|
"hashes": [
|
|
597
597
|
{
|
|
598
598
|
"alg": "SHA-256",
|
|
599
|
-
"content": "
|
|
599
|
+
"content": "6f74bc9a8b5dd04a18931644101d0860b968ba13512f7d5f6b36282b4119978d"
|
|
600
600
|
},
|
|
601
601
|
{
|
|
602
602
|
"alg": "SHA3-512",
|
|
603
|
-
"content": "
|
|
603
|
+
"content": "bed2d8d1e9f210afa4ec9b101a27d9e7b7d84f4e724194bad131ef83d231c0b158c5b0dc30fcbb7415062aadd7f8568e2390c204823b8b13b96044bb324c6654"
|
|
604
604
|
}
|
|
605
605
|
]
|
|
606
606
|
},
|
|
@@ -694,6 +694,21 @@
|
|
|
694
694
|
}
|
|
695
695
|
]
|
|
696
696
|
},
|
|
697
|
+
{
|
|
698
|
+
"bom-ref": "file:data/playbooks/log-injection-telemetry.json",
|
|
699
|
+
"type": "file",
|
|
700
|
+
"name": "data/playbooks/log-injection-telemetry.json",
|
|
701
|
+
"hashes": [
|
|
702
|
+
{
|
|
703
|
+
"alg": "SHA-256",
|
|
704
|
+
"content": "bf1e61d9bba54722e466d6e2d186137337379c148c82e06380dae24f24a1008b"
|
|
705
|
+
},
|
|
706
|
+
{
|
|
707
|
+
"alg": "SHA3-512",
|
|
708
|
+
"content": "09b0cc1faee50235b7d0d5d2f42f25dbbf288f1ed5310d3bb5660a2b2cefd3b868a506c30335e6b7ab3f2a4b1927b468d1c83c0388607f56aacef0639c70ea8d"
|
|
709
|
+
}
|
|
710
|
+
]
|
|
711
|
+
},
|
|
697
712
|
{
|
|
698
713
|
"bom-ref": "file:data/playbooks/mail-server-hardening.json",
|
|
699
714
|
"type": "file",
|
|
@@ -769,6 +784,21 @@
|
|
|
769
784
|
}
|
|
770
785
|
]
|
|
771
786
|
},
|
|
787
|
+
{
|
|
788
|
+
"bom-ref": "file:data/playbooks/privacy-consent-ops.json",
|
|
789
|
+
"type": "file",
|
|
790
|
+
"name": "data/playbooks/privacy-consent-ops.json",
|
|
791
|
+
"hashes": [
|
|
792
|
+
{
|
|
793
|
+
"alg": "SHA-256",
|
|
794
|
+
"content": "a1545f8028ffd100d8d2ab52099196a2d200d593f07916e71ba5e5a27b817a38"
|
|
795
|
+
},
|
|
796
|
+
{
|
|
797
|
+
"alg": "SHA3-512",
|
|
798
|
+
"content": "94431fca8e351cf2af3f409c4494358500087d7baade07896d4ab2b19b3c45b74ec6e50ab2e9a79bcd3a7ab54808811669dce6d6775b8eccbf4b010960e818e1"
|
|
799
|
+
}
|
|
800
|
+
]
|
|
801
|
+
},
|
|
772
802
|
{
|
|
773
803
|
"bom-ref": "file:data/playbooks/ransomware.json",
|
|
774
804
|
"type": "file",
|
|
@@ -821,11 +851,11 @@
|
|
|
821
851
|
"hashes": [
|
|
822
852
|
{
|
|
823
853
|
"alg": "SHA-256",
|
|
824
|
-
"content": "
|
|
854
|
+
"content": "468a961bf742b16acc2b0b33836d2c23cab00a137a24f52b6f3c38b10cb8e9de"
|
|
825
855
|
},
|
|
826
856
|
{
|
|
827
857
|
"alg": "SHA3-512",
|
|
828
|
-
"content": "
|
|
858
|
+
"content": "4ce105608fefd603bb493ad2d02c24279110c39011b5392cf2f218c2db2fbc22c86e3a3d1de24af3bc6319447599557df88be6c728cf8f81af86ad028458f58a"
|
|
829
859
|
}
|
|
830
860
|
]
|
|
831
861
|
},
|
|
@@ -1826,11 +1856,11 @@
|
|
|
1826
1856
|
"hashes": [
|
|
1827
1857
|
{
|
|
1828
1858
|
"alg": "SHA-256",
|
|
1829
|
-
"content": "
|
|
1859
|
+
"content": "faa01f939b1473c436cd81d614612593e92034e1119518e4e44f61e37b35de8b"
|
|
1830
1860
|
},
|
|
1831
1861
|
{
|
|
1832
1862
|
"alg": "SHA3-512",
|
|
1833
|
-
"content": "
|
|
1863
|
+
"content": "5b84120225b544abcbfd2e87555b71293105c843fe2595c7b0fc4f92c78e3a39291e6a92600d1bbf0fd3ce09de9968799686a8a23555ceb63d17dd56d0162f58"
|
|
1834
1864
|
}
|
|
1835
1865
|
]
|
|
1836
1866
|
},
|
|
@@ -1841,11 +1871,11 @@
|
|
|
1841
1871
|
"hashes": [
|
|
1842
1872
|
{
|
|
1843
1873
|
"alg": "SHA-256",
|
|
1844
|
-
"content": "
|
|
1874
|
+
"content": "99279ed5a5a7ddb3f00e639b956a83bb2df492288db176f4c3d55dc498949c17"
|
|
1845
1875
|
},
|
|
1846
1876
|
{
|
|
1847
1877
|
"alg": "SHA3-512",
|
|
1848
|
-
"content": "
|
|
1878
|
+
"content": "3bb717a033303c961161784e1fd4da815da62106baaf62863c3f6e950b600cd36fb3faba663e49add7853f13137789ccad7884034a7638d11a15706548ec03a5"
|
|
1849
1879
|
}
|
|
1850
1880
|
]
|
|
1851
1881
|
},
|
|
@@ -1856,11 +1886,11 @@
|
|
|
1856
1886
|
"hashes": [
|
|
1857
1887
|
{
|
|
1858
1888
|
"alg": "SHA-256",
|
|
1859
|
-
"content": "
|
|
1889
|
+
"content": "7b4d7758ddd3db55f2abb0b09a2985fb7f8e99e34f5bf1c90f3e4c044aa3dfab"
|
|
1860
1890
|
},
|
|
1861
1891
|
{
|
|
1862
1892
|
"alg": "SHA3-512",
|
|
1863
|
-
"content": "
|
|
1893
|
+
"content": "2546ddb0470d1f13208d983cd7b16aafa1c28da6837200abc9abd3116200f393b03fc7fa075519235a12f0132e65530a713a908f00e922f48a9187e816839431"
|
|
1864
1894
|
}
|
|
1865
1895
|
]
|
|
1866
1896
|
},
|
|
@@ -3019,6 +3049,21 @@
|
|
|
3019
3049
|
}
|
|
3020
3050
|
]
|
|
3021
3051
|
},
|
|
3052
|
+
{
|
|
3053
|
+
"bom-ref": "file:skills/log-injection-telemetry/skill.md",
|
|
3054
|
+
"type": "file",
|
|
3055
|
+
"name": "skills/log-injection-telemetry/skill.md",
|
|
3056
|
+
"hashes": [
|
|
3057
|
+
{
|
|
3058
|
+
"alg": "SHA-256",
|
|
3059
|
+
"content": "69c4e65c6f78703b923c2455a5ecf5a6d79fcc28d56fff57acb2605639231104"
|
|
3060
|
+
},
|
|
3061
|
+
{
|
|
3062
|
+
"alg": "SHA3-512",
|
|
3063
|
+
"content": "5bc5fb49f8c899647a1dea53c657f96a712b7c1e2dc20416152a3a28a9573fd46201310514f4c64c0495519bf24247477fff59083e7f920dfe7ea77bfa2ff8d6"
|
|
3064
|
+
}
|
|
3065
|
+
]
|
|
3066
|
+
},
|
|
3022
3067
|
{
|
|
3023
3068
|
"bom-ref": "file:skills/mail-server-hardening/skill.md",
|
|
3024
3069
|
"type": "file",
|
|
@@ -3139,6 +3184,21 @@
|
|
|
3139
3184
|
}
|
|
3140
3185
|
]
|
|
3141
3186
|
},
|
|
3187
|
+
{
|
|
3188
|
+
"bom-ref": "file:skills/privacy-consent-ops/skill.md",
|
|
3189
|
+
"type": "file",
|
|
3190
|
+
"name": "skills/privacy-consent-ops/skill.md",
|
|
3191
|
+
"hashes": [
|
|
3192
|
+
{
|
|
3193
|
+
"alg": "SHA-256",
|
|
3194
|
+
"content": "6c14052577178f0cffc943c2d7f1ac2aca6704cca912ce7492d9eac88a1c6d88"
|
|
3195
|
+
},
|
|
3196
|
+
{
|
|
3197
|
+
"alg": "SHA3-512",
|
|
3198
|
+
"content": "8f39f408d80a2ee83d874c50308facb8722f57c8be26b01255e032949f7e40d41ce2464dd48f1b9b99adad9006c22c0254338faf6a41ee17c4fa054dee60a304"
|
|
3199
|
+
}
|
|
3200
|
+
]
|
|
3201
|
+
},
|
|
3142
3202
|
{
|
|
3143
3203
|
"bom-ref": "file:skills/rag-pipeline-security/skill.md",
|
|
3144
3204
|
"type": "file",
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: log-injection-telemetry
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: Telemetry-pipeline integrity for mid-2026 — CR/LF log-injection neutralization across every sink, secret/PII redaction before shipping, authenticated metrics endpoints, and exporter destination allowlisting, secret-store credentials, verified TLS, and webhook SSRF guarding
|
|
5
|
+
triggers:
|
|
6
|
+
- log injection
|
|
7
|
+
- crlf injection
|
|
8
|
+
- log forging
|
|
9
|
+
- telemetry integrity
|
|
10
|
+
- secrets in logs
|
|
11
|
+
- log redaction
|
|
12
|
+
- metrics endpoint exposure
|
|
13
|
+
- prometheus exposure
|
|
14
|
+
- otlp exporter
|
|
15
|
+
- cloudwatch
|
|
16
|
+
- webhook sink
|
|
17
|
+
- exporter ssrf
|
|
18
|
+
- observability security
|
|
19
|
+
- log sink
|
|
20
|
+
- telemetry exfiltration
|
|
21
|
+
discovery_mode: standalone
|
|
22
|
+
data_deps:
|
|
23
|
+
- cve-catalog.json
|
|
24
|
+
- atlas-ttps.json
|
|
25
|
+
- attack-techniques.json
|
|
26
|
+
- framework-control-gaps.json
|
|
27
|
+
- cwe-catalog.json
|
|
28
|
+
- rfc-references.json
|
|
29
|
+
atlas_refs: []
|
|
30
|
+
attack_refs:
|
|
31
|
+
- T1565.001
|
|
32
|
+
- T1530
|
|
33
|
+
- T1213
|
|
34
|
+
framework_gaps:
|
|
35
|
+
- NIST-800-53-SI-2
|
|
36
|
+
- ISO-27001-2022-A.8.15
|
|
37
|
+
- NIS2-Art21-network-security
|
|
38
|
+
- UK-CAF-B4
|
|
39
|
+
- AU-ISM-1556
|
|
40
|
+
cwe_refs:
|
|
41
|
+
- CWE-117
|
|
42
|
+
- CWE-532
|
|
43
|
+
- CWE-918
|
|
44
|
+
- CWE-200
|
|
45
|
+
last_threat_review: "2026-06-02"
|
|
46
|
+
---
|
|
47
|
+
|
|
48
|
+
# Telemetry-Pipeline Integrity (Log Injection + Sink Confidentiality)
|
|
49
|
+
|
|
50
|
+
## Threat Context (mid-2026)
|
|
51
|
+
|
|
52
|
+
The telemetry pipeline is both an integrity target and a confidentiality leak that "we centralize all logs" does not address. Integrity: un-sanitized CR/LF in interpolated log values lets an attacker forge or split log entries — injecting fake lines, breaking the log parser, or hiding their own actions — corrupting the observability record incident response depends on. Confidentiality: secrets and PII logged without a redaction pass persist in every downstream sink (SIEM, cloud log service); an unauthenticated /metrics or debug endpoint leaks internal topology and operational state; exporters (OTLP, CloudWatch, webhook) that ship to un-inventoried or input-derived destinations become exfiltration and SSRF channels; embedded sink credentials and plaintext export widen the exposure. These are pipeline-posture gaps, not log-volume gaps.
|
|
53
|
+
|
|
54
|
+
## Framework Lag Declaration
|
|
55
|
+
|
|
56
|
+
Organisational logging controls require events be recorded, centralized, and access-controlled. NIST 800-53 AU-9 (protection of audit information) is attested by access controls on the log store and does not address CR/LF log injection that forges entries before they reach the store. SI-11 (error handling / output neutralization) is named generally but not operationalised as per-sink CR/LF neutralization or secret redaction. ISO 27001 A.8.15 is met with "we log and protect logs." None address telemetry-exporter egress, SSRF, or unauthenticated metrics. A clean "we centralize logs to a SIEM with access controls" audit is therefore NON-EVIDENCE for telemetry-pipeline integrity; it confirms log presence and store ACLs, not neutralization, redaction, metrics auth, or exporter posture.
|
|
57
|
+
|
|
58
|
+
## TTP Mapping
|
|
59
|
+
|
|
60
|
+
The telemetry-pipeline failures map to MITRE ATT&CK: **T1565.001 (Stored Data Manipulation)** for CR/LF log forging that rewrites or splits the audit record; **T1530 (Data from Cloud Storage / shipped telemetry)** for secrets/PII leaking through logs, exporter exfiltration, and webhook-sink SSRF reaching internal services; and **T1213 (Data from Information Repositories)** for an unauthenticated metrics/debug endpoint disclosing internal state. The weakness classes are CWE-117 (improper output neutralization for logs — log injection), CWE-532 (insertion of sensitive information into log files), CWE-918 (server-side request forgery — exporter/webhook egress), and CWE-200 (exposure of sensitive information — unauthenticated metrics).
|
|
61
|
+
|
|
62
|
+
## Exploit Availability Matrix
|
|
63
|
+
|
|
64
|
+
These are pipeline-posture gaps, so the exploit is the absent control. CR/LF log injection requires only a request field that reaches a line-oriented sink un-neutralized — trivially reproduced. Secrets in logs are harvested wherever the logs land. An unauthenticated /metrics is a single unauthenticated GET. A webhook sink pointed at the cloud metadata endpoint is an SSRF with commodity payloads. The real-world priority is set by whether secrets/PII leak across every downstream sink (credential/PII breach), whether the audit record can be forged (defeating incident response), or whether the telemetry process can be turned into an SSRF channel to the internal network or metadata service.
|
|
65
|
+
|
|
66
|
+
## Analysis Procedure
|
|
67
|
+
|
|
68
|
+
1. Enumerate every log/trace/metric sink and exporter, and every metrics/debug endpoint. 2. Confirm each sink neutralizes CR/LF + control characters in interpolated values (or uses a structured format that cannot be line-split) — note any sink other than syslog that does not. 3. Confirm a redaction pass strips secrets/PII before values reach any sink. 4. Confirm metrics/debug endpoints require authentication or are bound to a private scrape network. 5. Confirm exporter destinations are an inventoried allowlist (not input-derived), credentials come from a secret store, and export uses verified TLS. 6. Confirm webhook sinks allowlist their URL and refuse private/link-local/metadata addresses. Run the `log-injection-telemetry` playbook to execute these as detect indicators with false-positive checks, then score by leakage breadth, audit-record corruptibility, and SSRF reach.
|
|
69
|
+
|
|
70
|
+
## Output Format
|
|
71
|
+
|
|
72
|
+
Report per sink/exporter/endpoint, marking each control enforced / missing / inconclusive (visibility gap). For every missing control, state whether it leaks secrets/PII across sinks, allows forging the audit record, or enables exfil/SSRF from the telemetry process, and whether the surface is internet-reachable. Distinguish a control enforced at a lower layer (a sanitizing collector/sidecar, a private scrape network) from an absent one. Provide the prioritised remediation (neutralize CR/LF + redact per sink, authenticate/private metrics, allowlist exporters with secret-store credentials over verified TLS, SSRF-guard webhook sinks) and the negative validation tests (CR/LF neutralized, secret redacted, metrics requires auth, webhook SSRF blocked) plus a functional test that legitimate telemetry still flows.
|
|
73
|
+
|
|
74
|
+
## Compliance Theater Check
|
|
75
|
+
|
|
76
|
+
The recurring theater is "we centralize all logs to a SIEM, so logging is handled," "the log store has access controls, so logs are protected," and "our metrics are internal-only." Centralization is not integrity or confidentiality; store ACLs do not stop injection at write time; an "internal" /metrics is often reachable via a default all-interfaces bind or an exposed ingress. The distinguishing test: inject CR/LF into a logged value and check for a forged line; log a secret and check redaction; reach /metrics unauthenticated; inspect exporter destinations, credentials, and TLS. If forging, secret leakage, or exfil/SSRF succeeds, centralization did not protect the pipeline and the assurance is paper.
|
|
77
|
+
|
|
78
|
+
## Defensive Countermeasure Mapping
|
|
79
|
+
|
|
80
|
+
Map findings to MITRE D3FEND: per-sink CR/LF neutralization realises Message Encoding / Output Neutralization (countering T1565.001 log forging); secret/PII redaction realises Sensitive-Data Scrubbing (countering T1530 leakage); metrics-endpoint authentication realises Network Traffic Filtering and Authentication Enforcement (countering T1213 disclosure); exporter destination allowlisting, secret-store credentials, verified TLS, and webhook SSRF guards realise Outbound Traffic Filtering and Resolution-Trust (countering T1530 exfil / SSRF). Pair the redaction pass with the dlp-gap-analysis skill for the broader data-egress picture, without duplicating its LLM/RAG focus. The residual risk is the inherent sensitivity of telemetry held in a legitimate access-controlled store, accepted at the CISO level.
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: privacy-consent-ops
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: Privacy, consent, and sanctions operational integrity for mid-2026 — confusable/homoglyph normalization before sanctions screening, integrity-bound and re-validated consent records, evidence-gated and downstream-propagated DSR erasure, and ROPA reconciliation against actual processing
|
|
5
|
+
triggers:
|
|
6
|
+
- privacy operations
|
|
7
|
+
- consent integrity
|
|
8
|
+
- sanctions screening
|
|
9
|
+
- ofac screening
|
|
10
|
+
- homoglyph evasion
|
|
11
|
+
- confusable normalization
|
|
12
|
+
- iab tcf
|
|
13
|
+
- mspa
|
|
14
|
+
- consent string
|
|
15
|
+
- dsr
|
|
16
|
+
- right to erasure
|
|
17
|
+
- right to be forgotten
|
|
18
|
+
- gdpr article 17
|
|
19
|
+
- ropa
|
|
20
|
+
- record of processing
|
|
21
|
+
- data subject request
|
|
22
|
+
discovery_mode: standalone
|
|
23
|
+
data_deps:
|
|
24
|
+
- cve-catalog.json
|
|
25
|
+
- atlas-ttps.json
|
|
26
|
+
- attack-techniques.json
|
|
27
|
+
- framework-control-gaps.json
|
|
28
|
+
- cwe-catalog.json
|
|
29
|
+
- rfc-references.json
|
|
30
|
+
atlas_refs: []
|
|
31
|
+
attack_refs:
|
|
32
|
+
- T1036
|
|
33
|
+
- T1565.001
|
|
34
|
+
- T1070
|
|
35
|
+
framework_gaps:
|
|
36
|
+
- NIST-800-53-SI-2
|
|
37
|
+
- NIS2-Art21-network-security
|
|
38
|
+
- UK-CAF-B4
|
|
39
|
+
- AU-ISM-1556
|
|
40
|
+
cwe_refs:
|
|
41
|
+
- CWE-807
|
|
42
|
+
- CWE-345
|
|
43
|
+
- CWE-778
|
|
44
|
+
- CWE-672
|
|
45
|
+
last_threat_review: "2026-06-02"
|
|
46
|
+
---
|
|
47
|
+
|
|
48
|
+
# Privacy / Consent / Sanctions Operational Integrity
|
|
49
|
+
|
|
50
|
+
## Threat Context (mid-2026)
|
|
51
|
+
|
|
52
|
+
Privacy and sanctions controls fail operationally even when they exist on paper. A sanctions screen that compares raw strings is evaded by a listed name spelled with confusable Unicode (Cyrillic/Latin lookalikes, combining marks, zero-width characters) — or simply by an alias or transliteration the screen does not cover. A consent signal (IAB TCF / MSPA or first-party) trusted from the client with no integrity binding to a server-side consent_log is forgeable and stale-by-default, and continuing to process on a cached signal after withdrawal is unlawful. A data-subject erasure marked "completed" without per-store proof, and not propagated to backups, indexes, warehouses, and processors, leaves live personal data behind while the organisation asserts compliance. A ROPA that drifts from actual processing hides flows that escape the consent/retention/DSR analysis entirely.
|
|
53
|
+
|
|
54
|
+
## Framework Lag Declaration
|
|
55
|
+
|
|
56
|
+
Organisational privacy and sanctions controls are attested by having the process — a screening vendor, a consent banner, a DSR queue, a ROPA document. NIST 800-53 SI-10 (input validation) does not require Unicode confusable normalization before a sanctions-screening decision. ISO 27001 A.5.34 (privacy / PII) is met by having consent and DSR processes and does not require the consent signal be integrity-bound or the erasure be evidence-backed and propagated. A clean "we screen against OFAC, capture consent, complete DSRs, and maintain a ROPA" audit is therefore NON-EVIDENCE for operational integrity; it confirms the processes exist, not that screening normalizes confusables, consent is server-bound and re-validated, erasure is evidence-gated and propagated, and the ROPA matches reality.
|
|
57
|
+
|
|
58
|
+
## TTP Mapping
|
|
59
|
+
|
|
60
|
+
The privacy/sanctions failures map to MITRE ATT&CK: **T1036 (Masquerading)** for a prohibited party spelling a sanctioned name with homoglyphs or an uncovered alias to evade screening; **T1565.001 (Stored Data Manipulation)** for forging or replaying a consent signal with no authoritative record, and for an erasure status falsely marked "completed"; and **T1070 (Indicator Removal)** for claiming erasure that removes the compliance indicator while live copies survive downstream. The weakness classes are CWE-807 (reliance on untrusted inputs in a security decision — unnormalized screening input), CWE-345 (insufficient verification of data authenticity — unbound consent), CWE-778 (insufficient logging — unevidenced erasure / drifted ROPA), and CWE-672 (operation on a resource after expiration — processing on withdrawn/expired consent).
|
|
61
|
+
|
|
62
|
+
## Exploit Availability Matrix
|
|
63
|
+
|
|
64
|
+
These are operational-integrity gaps, so the exploit is the absent control, reproduced with trivial means. A homoglyph-spelled sanctioned name is a copy-paste with lookalike code points; an alias variant is in the sanction list's own alias data. A forged consent string is a crafted request when no server record reconciles it. A falsely-completed erasure needs no attacker at all — it surfaces on audit or a re-request. The real-world priority is set by whether a prohibited party can clear screening on a live onboarding/payment path (regulatory + legal exposure) or whether personal data is systemically unlawfully processed or un-erased across the data estate (false compliance at scale).
|
|
65
|
+
|
|
66
|
+
## Analysis Procedure
|
|
67
|
+
|
|
68
|
+
1. Inspect the sanctions screen: does it normalize to a confusable-folded skeleton (NFKC + Unicode confusable folding) and apply the list's aliases + transliteration + bounded fuzzy match before deciding? 2. Inspect consent: is the signal integrity-bound to a server-side consent_log and re-validated (purpose, expiry, withdrawal) at processing time, not just capture? 3. Inspect DSR erasure: is "completed" gated on per-store deletion evidence, and is erasure propagated to every downstream copy and processor on a maintained data-map? 4. Inspect the ROPA: is it reconciled against actual data flows / processors on a cadence? Run the `privacy-consent-ops` playbook to execute these as detect indicators with false-positive checks, then score by prohibited-party admission risk and the breadth of unlawful / un-erased processing.
|
|
69
|
+
|
|
70
|
+
## Output Format
|
|
71
|
+
|
|
72
|
+
Report per control (sanctions screening, consent, DSR erasure, ROPA), marking each enforced / missing / inconclusive (visibility gap). For every missing control, state whether a prohibited party could clear screening, whether personal data is unlawfully processed or un-erased, and the affected population. Distinguish a control enforced by a dedicated layer (a confusable-folding screen, a consent platform, an evidence-gated workflow) from an absent one. Provide the prioritised remediation (normalize + alias/fuzzy screen, server-bind + re-validate consent, evidence-gate + propagate erasure, reconcile ROPA) and the negative validation tests (homoglyph name screened, forged consent rejected, erasure-completion gated) plus a functional test that legitimate parties, consents, and erasures proceed.
|
|
73
|
+
|
|
74
|
+
## Compliance Theater Check
|
|
75
|
+
|
|
76
|
+
The recurring theater is "we screen all parties against OFAC," "we capture user consent," and "erasure requests are completed." The distinguishing tests: submit a Cyrillic-lookalike spelling of a listed name (if it passes, the screen compares raw strings without confusable normalization); ask whether the consent signal is server-bound and re-validated (a client-presented string with no record is forgeable and stale); ask for the per-store erasure evidence and the downstream-propagation map (a "completed" flag with no proof leaves records live in indexes, backups, and processors). If any control reports success while the obligation is unmet, the process is paper and the verdict is theater.
|
|
77
|
+
|
|
78
|
+
## Defensive Countermeasure Mapping
|
|
79
|
+
|
|
80
|
+
Map findings to MITRE D3FEND: confusable-folding + alias/fuzzy screening realises Input Normalization and Identifier Reputation Analysis (countering T1036 evasion); server-bound + re-validated consent realises Authentication-Token Verification and Stored-Record Integrity (countering T1565.001 forged/stale consent); evidence-gated + propagated erasure realises Verifiable Deletion and Data-Inventory Mapping (countering T1070 false-erasure claims); ROPA reconciliation realises Asset/Processing Inventory accuracy. The sanctions-normalization control reuses the vendored Unicode confusable / codepoint-class tooling. The residual risk is a novel transliteration the alias list does not cover and a processor retaining data outside the data-map, accepted at the CISO level with periodic re-reconciliation.
|