@zerothreatai/vulnerability-registry 4.0.0 → 6.0.0

Files changed (99)
  1. package/dist/categories/authentication.js +17 -17
  2. package/dist/categories/configuration.js +80 -80
  3. package/dist/categories/injection.js +34 -34
  4. package/dist/categories/sensitive-paths.js +84 -84
  5. package/dist/categories/ssrf.js +11 -11
  6. package/dist/categories/xss.js +15 -15
  7. package/dist/compliance-codes.d.ts +207 -0
  8. package/dist/compliance-codes.js +213 -0
  9. package/dist/compliances/gdpr.d.ts +2 -0
  10. package/dist/compliances/gdpr.js +252 -0
  11. package/dist/compliances/helpers.d.ts +6 -0
  12. package/dist/compliances/helpers.js +11 -0
  13. package/dist/compliances/hipaa.d.ts +2 -0
  14. package/dist/compliances/hipaa.js +187 -0
  15. package/dist/compliances/index.d.ts +5 -0
  16. package/dist/compliances/index.js +5 -0
  17. package/dist/compliances/owasp.d.ts +2 -0
  18. package/dist/compliances/owasp.js +127 -0
  19. package/dist/compliances/pci-dss.d.ts +2 -0
  20. package/dist/compliances/pci-dss.js +260 -0
  21. package/dist/compliances/sans-top-25.d.ts +2 -0
  22. package/dist/compliances/sans-top-25.js +242 -0
  23. package/dist/index.d.ts +7 -1
  24. package/dist/index.js +7 -1
  25. package/dist/types.d.ts +33 -0
  26. package/dist/types.js +11 -1
  27. package/dist-cjs/categories/authentication.js +17 -17
  28. package/dist-cjs/categories/configuration.js +80 -80
  29. package/dist-cjs/categories/injection.js +34 -34
  30. package/dist-cjs/categories/sensitive-paths.js +84 -84
  31. package/dist-cjs/categories/ssrf.js +11 -11
  32. package/dist-cjs/categories/xss.js +15 -15
  33. package/dist-cjs/compliance-codes.js +216 -0
  34. package/dist-cjs/compliances/gdpr.js +255 -0
  35. package/dist-cjs/compliances/helpers.js +19 -0
  36. package/dist-cjs/compliances/hipaa.js +190 -0
  37. package/dist-cjs/compliances/index.js +13 -0
  38. package/dist-cjs/compliances/owasp.js +130 -0
  39. package/dist-cjs/compliances/pci-dss.js +263 -0
  40. package/dist-cjs/compliances/sans-top-25.js +245 -0
  41. package/dist-cjs/index.js +12 -1
  42. package/dist-cjs/types.js +12 -0
  43. package/package.json +40 -32
  44. package/scripts/assign-ids.ts +105 -0
  45. package/scripts/check-duplicate-ids.ts +45 -0
  46. package/src/categories/authentication.ts +17 -17
  47. package/src/categories/configuration.ts +80 -80
  48. package/src/categories/injection.ts +34 -34
  49. package/src/categories/sensitive-paths.ts +84 -84
  50. package/src/categories/ssrf.ts +11 -11
  51. package/src/categories/xss.ts +15 -15
  52. package/src/compliance-codes.ts +216 -0
  53. package/src/compliances/README.md +82 -0
  54. package/src/compliances/gdpr.ts +258 -0
  55. package/src/compliances/helpers.ts +29 -0
  56. package/src/compliances/hipaa.ts +193 -0
  57. package/src/compliances/index.ts +5 -0
  58. package/src/compliances/owasp.ts +133 -0
  59. package/src/compliances/pci-dss.ts +266 -0
  60. package/src/compliances/sans-top-25.ts +246 -0
  61. package/src/id-registry.json +1235 -0
  62. package/src/index.ts +12 -1
  63. package/src/types.ts +40 -4
  64. package/src/categories/authentication.d.ts +0 -8
  65. package/src/categories/authentication.d.ts.map +0 -1
  66. package/src/categories/authentication.js +0 -392
  67. package/src/categories/authentication.js.map +0 -1
  68. package/src/categories/configuration.d.ts +0 -8
  69. package/src/categories/configuration.d.ts.map +0 -1
  70. package/src/categories/configuration.js +0 -1782
  71. package/src/categories/configuration.js.map +0 -1
  72. package/src/categories/injection.d.ts +0 -8
  73. package/src/categories/injection.d.ts.map +0 -1
  74. package/src/categories/injection.js +0 -781
  75. package/src/categories/injection.js.map +0 -1
  76. package/src/categories/sensitive-paths.d.ts +0 -9
  77. package/src/categories/sensitive-paths.d.ts.map +0 -1
  78. package/src/categories/sensitive-paths.js +0 -1872
  79. package/src/categories/sensitive-paths.js.map +0 -1
  80. package/src/categories/ssrf.d.ts +0 -8
  81. package/src/categories/ssrf.d.ts.map +0 -1
  82. package/src/categories/ssrf.js +0 -258
  83. package/src/categories/ssrf.js.map +0 -1
  84. package/src/categories/xss.d.ts +0 -7
  85. package/src/categories/xss.d.ts.map +0 -1
  86. package/src/categories/xss.js +0 -340
  87. package/src/categories/xss.js.map +0 -1
  88. package/src/error-codes.d.ts +0 -280
  89. package/src/error-codes.d.ts.map +0 -1
  90. package/src/error-codes.js +0 -350
  91. package/src/error-codes.js.map +0 -1
  92. package/src/index.d.ts +0 -60
  93. package/src/index.d.ts.map +0 -1
  94. package/src/index.js +0 -92
  95. package/src/index.js.map +0 -1
  96. package/src/types.d.ts +0 -88
  97. package/src/types.d.ts.map +0 -1
  98. package/src/types.js +0 -6
  99. package/src/types.js.map +0 -1
@@ -0,0 +1,1235 @@
1
+ {
2
+ "ranges": {
3
+ "authentication": [
4
+ 100,
5
+ 199
6
+ ],
7
+ "configuration": [
8
+ 200,
9
+ 299
10
+ ],
11
+ "injection": [
12
+ 300,
13
+ 399
14
+ ],
15
+ "xss": [
16
+ 400,
17
+ 449
18
+ ],
19
+ "ssrf": [
20
+ 450,
21
+ 499
22
+ ],
23
+ "sensitive-paths": [
24
+ 500,
25
+ 699
26
+ ]
27
+ },
28
+ "entries": [
29
+ {
30
+ "code": "JWT_NONE_ALGORITHM",
31
+ "category": "authentication",
32
+ "id": 100
33
+ },
34
+ {
35
+ "code": "JWT_WEAK_SECRET",
36
+ "category": "authentication",
37
+ "id": 101
38
+ },
39
+ {
40
+ "code": "JWT_KEY_CONFUSION",
41
+ "category": "authentication",
42
+ "id": 102
43
+ },
44
+ {
45
+ "code": "BAC_ANONYMOUS_ACCESS",
46
+ "category": "authentication",
47
+ "id": 103
48
+ },
49
+ {
50
+ "code": "BAC_IDOR",
51
+ "category": "authentication",
52
+ "id": 104
53
+ },
54
+ {
55
+ "code": "BAC_VERTICAL_PRIVILEGE",
56
+ "category": "authentication",
57
+ "id": 105
58
+ },
59
+ {
60
+ "code": "MASSASSIGN_ROLE_ESCALATION",
61
+ "category": "authentication",
62
+ "id": 106
63
+ },
64
+ {
65
+ "code": "MASSASSIGN_PROTOTYPE_POLLUTION",
66
+ "category": "authentication",
67
+ "id": 107
68
+ },
69
+ {
70
+ "code": "JWT_EXPIRED_TOKEN",
71
+ "category": "authentication",
72
+ "id": 108
73
+ },
74
+ {
75
+ "code": "JWT_MISSING_CLAIMS",
76
+ "category": "authentication",
77
+ "id": 109
78
+ },
79
+ {
80
+ "code": "BAC_HORIZONTAL_PRIVILEGE",
81
+ "category": "authentication",
82
+ "id": 110
83
+ },
84
+ {
85
+ "code": "MASSASSIGN_HIDDEN_FIELD",
86
+ "category": "authentication",
87
+ "id": 111
88
+ },
89
+ {
90
+ "code": "JWT_CLAIM_TAMPERING",
91
+ "category": "authentication",
92
+ "id": 112
93
+ },
94
+ {
95
+ "code": "JWT_KID_INJECTION",
96
+ "category": "authentication",
97
+ "id": 113
98
+ },
99
+ {
100
+ "code": "JWT_JKU_INJECTION",
101
+ "category": "authentication",
102
+ "id": 114
103
+ },
104
+ {
105
+ "code": "JWT_EMBEDDED_JWK",
106
+ "category": "authentication",
107
+ "id": 115
108
+ },
109
+ {
110
+ "code": "JWT_X5C_INJECTION",
111
+ "category": "authentication",
112
+ "id": 116
113
+ },
114
+ {
115
+ "code": "HEADER_MISSING_CSP",
116
+ "category": "configuration",
117
+ "id": 200
118
+ },
119
+ {
120
+ "code": "HEADER_MISSING_HSTS",
121
+ "category": "configuration",
122
+ "id": 201
123
+ },
124
+ {
125
+ "code": "HEADER_HSTS_BAD_MAX_AGE",
126
+ "category": "configuration",
127
+ "id": 202
128
+ },
129
+ {
130
+ "code": "HEADER_HSTS_SHORT_MAX_AGE",
131
+ "category": "configuration",
132
+ "id": 203
133
+ },
134
+ {
135
+ "code": "HEADER_HSTS_NO_INCLUDESUBDOMAINS",
136
+ "category": "configuration",
137
+ "id": 204
138
+ },
139
+ {
140
+ "code": "HEADER_HSTS_PRELOAD_LOW_MAX_AGE",
141
+ "category": "configuration",
142
+ "id": 205
143
+ },
144
+ {
145
+ "code": "HEADER_MISSING_XFRAME",
146
+ "category": "configuration",
147
+ "id": 206
148
+ },
149
+ {
150
+ "code": "HEADER_WEAK_CSP",
151
+ "category": "configuration",
152
+ "id": 207
153
+ },
154
+ {
155
+ "code": "HEADER_CSP_REPORT_ONLY",
156
+ "category": "configuration",
157
+ "id": 208
158
+ },
159
+ {
160
+ "code": "HEADER_CSP_WEAK_DIRECTIVES",
161
+ "category": "configuration",
162
+ "id": 209
163
+ },
164
+ {
165
+ "code": "HEADER_CSP_DATA_URI_SCRIPT",
166
+ "category": "configuration",
167
+ "id": 210
168
+ },
169
+ {
170
+ "code": "HEADER_CSP_BLOB_URI_SCRIPT",
171
+ "category": "configuration",
172
+ "id": 211
173
+ },
174
+ {
175
+ "code": "HEADER_CSP_WILDCARD_DEFAULT",
176
+ "category": "configuration",
177
+ "id": 212
178
+ },
179
+ {
180
+ "code": "HEADER_CSP_NO_BASE_URI",
181
+ "category": "configuration",
182
+ "id": 213
183
+ },
184
+ {
185
+ "code": "HEADER_CSP_NO_OBJECT_SRC",
186
+ "category": "configuration",
187
+ "id": 214
188
+ },
189
+ {
190
+ "code": "HEADER_CSP_NO_FRAME_ANCESTORS",
191
+ "category": "configuration",
192
+ "id": 215
193
+ },
194
+ {
195
+ "code": "HEADER_CORS_MISCONFIGURED",
196
+ "category": "configuration",
197
+ "id": 216
198
+ },
199
+ {
200
+ "code": "HEADER_CORS_STAR_WITH_CREDENTIALS",
201
+ "category": "configuration",
202
+ "id": 217
203
+ },
204
+ {
205
+ "code": "HEADER_CORS_ORIGIN_REFLECT_NO_VARY",
206
+ "category": "configuration",
207
+ "id": 218
208
+ },
209
+ {
210
+ "code": "HEADER_CORS_NULL_ORIGIN",
211
+ "category": "configuration",
212
+ "id": 219
213
+ },
214
+ {
215
+ "code": "HEADER_CORS_WILDCARD_SUBDOMAIN",
216
+ "category": "configuration",
217
+ "id": 220
218
+ },
219
+ {
220
+ "code": "DIRBROWSE_GENERIC",
221
+ "category": "configuration",
222
+ "id": 221
223
+ },
224
+ {
225
+ "code": "DIRBROWSE_GENERIC_SENSITIVE",
226
+ "category": "configuration",
227
+ "id": 222
228
+ },
229
+ {
230
+ "code": "DIRBROWSE_APACHE",
231
+ "category": "configuration",
232
+ "id": 223
233
+ },
234
+ {
235
+ "code": "DIRBROWSE_APACHE_SENSITIVE",
236
+ "category": "configuration",
237
+ "id": 224
238
+ },
239
+ {
240
+ "code": "DIRBROWSE_NGINX",
241
+ "category": "configuration",
242
+ "id": 225
243
+ },
244
+ {
245
+ "code": "DIRBROWSE_NGINX_SENSITIVE",
246
+ "category": "configuration",
247
+ "id": 226
248
+ },
249
+ {
250
+ "code": "DIRBROWSE_IIS",
251
+ "category": "configuration",
252
+ "id": 227
253
+ },
254
+ {
255
+ "code": "DIRBROWSE_IIS_SENSITIVE",
256
+ "category": "configuration",
257
+ "id": 228
258
+ },
259
+ {
260
+ "code": "DIRBROWSE_TOMCAT",
261
+ "category": "configuration",
262
+ "id": 229
263
+ },
264
+ {
265
+ "code": "DIRBROWSE_TOMCAT_SENSITIVE",
266
+ "category": "configuration",
267
+ "id": 230
268
+ },
269
+ {
270
+ "code": "DIRBROWSE_CADDY",
271
+ "category": "configuration",
272
+ "id": 231
273
+ },
274
+ {
275
+ "code": "DIRBROWSE_CADDY_SENSITIVE",
276
+ "category": "configuration",
277
+ "id": 232
278
+ },
279
+ {
280
+ "code": "DIRBROWSE_WEBDAV",
281
+ "category": "configuration",
282
+ "id": 233
283
+ },
284
+ {
285
+ "code": "DIRBROWSE_WEBDAV_SENSITIVE",
286
+ "category": "configuration",
287
+ "id": 234
288
+ },
289
+ {
290
+ "code": "DIRBROWSE_S3",
291
+ "category": "configuration",
292
+ "id": 235
293
+ },
294
+ {
295
+ "code": "DIRBROWSE_S3_SENSITIVE",
296
+ "category": "configuration",
297
+ "id": 236
298
+ },
299
+ {
300
+ "code": "DIRBROWSE_GCS",
301
+ "category": "configuration",
302
+ "id": 237
303
+ },
304
+ {
305
+ "code": "DIRBROWSE_GCS_SENSITIVE",
306
+ "category": "configuration",
307
+ "id": 238
308
+ },
309
+ {
310
+ "code": "DIRBROWSE_AZURE_BLOB",
311
+ "category": "configuration",
312
+ "id": 239
313
+ },
314
+ {
315
+ "code": "DIRBROWSE_AZURE_BLOB_SENSITIVE",
316
+ "category": "configuration",
317
+ "id": 240
318
+ },
319
+ {
320
+ "code": "DIRBROWSE_ENABLED",
321
+ "category": "configuration",
322
+ "id": 241
323
+ },
324
+ {
325
+ "code": "DIRBROWSE_SENSITIVE",
326
+ "category": "configuration",
327
+ "id": 242
328
+ },
329
+ {
330
+ "code": "CLICK_FRAMEABLE",
331
+ "category": "configuration",
332
+ "id": 243
333
+ },
334
+ {
335
+ "code": "DESER_JAVA",
336
+ "category": "configuration",
337
+ "id": 244
338
+ },
339
+ {
340
+ "code": "DESER_PHP",
341
+ "category": "configuration",
342
+ "id": 245
343
+ },
344
+ {
345
+ "code": "DESER_PYTHON",
346
+ "category": "configuration",
347
+ "id": 246
348
+ },
349
+ {
350
+ "code": "DESER_DOTNET",
351
+ "category": "configuration",
352
+ "id": 247
353
+ },
354
+ {
355
+ "code": "DESER_RUBY",
356
+ "category": "configuration",
357
+ "id": 248
358
+ },
359
+ {
360
+ "code": "DESER_NODE",
361
+ "category": "configuration",
362
+ "id": 249
363
+ },
364
+ {
365
+ "code": "CLICK_PARTIAL_PROTECTION",
366
+ "category": "configuration",
367
+ "id": 250
368
+ },
369
+ {
370
+ "code": "HEADER_MISSING_XCONTENT_TYPE",
371
+ "category": "configuration",
372
+ "id": 251
373
+ },
374
+ {
375
+ "code": "HEADER_XCONTENT_TYPE_INVALID",
376
+ "category": "configuration",
377
+ "id": 252
378
+ },
379
+ {
380
+ "code": "HEADER_MISSING_REFERRER_POLICY",
381
+ "category": "configuration",
382
+ "id": 253
383
+ },
384
+ {
385
+ "code": "HEADER_REFERRER_POLICY_UNSAFE",
386
+ "category": "configuration",
387
+ "id": 254
388
+ },
389
+ {
390
+ "code": "HEADER_MISSING_PERMISSIONS_POLICY",
391
+ "category": "configuration",
392
+ "id": 255
393
+ },
394
+ {
395
+ "code": "HEADER_MISSING_XSS_PROTECTION",
396
+ "category": "configuration",
397
+ "id": 256
398
+ },
399
+ {
400
+ "code": "HEADER_COEP_WITHOUT_COOP",
401
+ "category": "configuration",
402
+ "id": 257
403
+ },
404
+ {
405
+ "code": "HEADER_CORP_UNUSUAL",
406
+ "category": "configuration",
407
+ "id": 258
408
+ },
409
+ {
410
+ "code": "HEADER_EXPECT_CT_PRESENT",
411
+ "category": "configuration",
412
+ "id": 259
413
+ },
414
+ {
415
+ "code": "HEADER_SERVER_HEADER_PRESENT",
416
+ "category": "configuration",
417
+ "id": 260
418
+ },
419
+ {
420
+ "code": "HEADER_X_POWERED_BY_PRESENT",
421
+ "category": "configuration",
422
+ "id": 261
423
+ },
424
+ {
425
+ "code": "HEADER_X_XSS_PROTECTION_ENABLED",
426
+ "category": "configuration",
427
+ "id": 262
428
+ },
429
+ {
430
+ "code": "COOKIE_SAMESITE_NONE_WITHOUT_SECURE",
431
+ "category": "configuration",
432
+ "id": 263
433
+ },
434
+ {
435
+ "code": "COOKIE_SESSION_MISSING_SECURE",
436
+ "category": "configuration",
437
+ "id": 264
438
+ },
439
+ {
440
+ "code": "COOKIE_MISSING_SECURE",
441
+ "category": "configuration",
442
+ "id": 265
443
+ },
444
+ {
445
+ "code": "COOKIE_SESSION_MISSING_HTTPONLY",
446
+ "category": "configuration",
447
+ "id": 266
448
+ },
449
+ {
450
+ "code": "COOKIE_MISSING_HTTPONLY",
451
+ "category": "configuration",
452
+ "id": 267
453
+ },
454
+ {
455
+ "code": "COOKIE_MISSING_SAMESITE",
456
+ "category": "configuration",
457
+ "id": 268
458
+ },
459
+ {
460
+ "code": "COOKIE_HOST_PREFIX_INVALID",
461
+ "category": "configuration",
462
+ "id": 269
463
+ },
464
+ {
465
+ "code": "COOKIE_SECURE_PREFIX_INVALID",
466
+ "category": "configuration",
467
+ "id": 270
468
+ },
469
+ {
470
+ "code": "HEADER_DRIFT_CSP",
471
+ "category": "configuration",
472
+ "id": 271
473
+ },
474
+ {
475
+ "code": "HEADER_DRIFT_HSTS",
476
+ "category": "configuration",
477
+ "id": 272
478
+ },
479
+ {
480
+ "code": "HEADER_DRIFT_XCONTENT_TYPE",
481
+ "category": "configuration",
482
+ "id": 273
483
+ },
484
+ {
485
+ "code": "HEADER_DRIFT_REFERRER_POLICY",
486
+ "category": "configuration",
487
+ "id": 274
488
+ },
489
+ {
490
+ "code": "HEADER_DRIFT_XFRAME",
491
+ "category": "configuration",
492
+ "id": 275
493
+ },
494
+ {
495
+ "code": "HEADER_DRIFT_PERMISSIONS_POLICY",
496
+ "category": "configuration",
497
+ "id": 276
498
+ },
499
+ {
500
+ "code": "HEADER_DRIFT_COOP",
501
+ "category": "configuration",
502
+ "id": 277
503
+ },
504
+ {
505
+ "code": "HEADER_DRIFT_COEP",
506
+ "category": "configuration",
507
+ "id": 278
508
+ },
509
+ {
510
+ "code": "HEADER_DRIFT_CORP",
511
+ "category": "configuration",
512
+ "id": 279
513
+ },
514
+ {
515
+ "code": "SQLI_ERROR_BASED",
516
+ "category": "injection",
517
+ "id": 300
518
+ },
519
+ {
520
+ "code": "SQLI_BOOLEAN_BASED",
521
+ "category": "injection",
522
+ "id": 301
523
+ },
524
+ {
525
+ "code": "SQLI_TIME_BASED",
526
+ "category": "injection",
527
+ "id": 302
528
+ },
529
+ {
530
+ "code": "SQLI_STACK_BASED",
531
+ "category": "injection",
532
+ "id": 303
533
+ },
534
+ {
535
+ "code": "SQLI_UNION_BASED",
536
+ "category": "injection",
537
+ "id": 304
538
+ },
539
+ {
540
+ "code": "CMDI_OOB_CONFIRMED",
541
+ "category": "injection",
542
+ "id": 305
543
+ },
544
+ {
545
+ "code": "CMDI_REFLECTED",
546
+ "category": "injection",
547
+ "id": 306
548
+ },
549
+ {
550
+ "code": "CMDI_TIME_BASED",
551
+ "category": "injection",
552
+ "id": 307
553
+ },
554
+ {
555
+ "code": "CMDI_ERROR_BASED",
556
+ "category": "injection",
557
+ "id": 308
558
+ },
559
+ {
560
+ "code": "SSTI_JINJA2",
561
+ "category": "injection",
562
+ "id": 309
563
+ },
564
+ {
565
+ "code": "SSTI_TWIG",
566
+ "category": "injection",
567
+ "id": 310
568
+ },
569
+ {
570
+ "code": "SSTI_FREEMARKER",
571
+ "category": "injection",
572
+ "id": 311
573
+ },
574
+ {
575
+ "code": "SSTI_GENERIC",
576
+ "category": "injection",
577
+ "id": 312
578
+ },
579
+ {
580
+ "code": "SSTI_VELOCITY",
581
+ "category": "injection",
582
+ "id": 313
583
+ },
584
+ {
585
+ "code": "SSTI_THYMELEAF",
586
+ "category": "injection",
587
+ "id": 314
588
+ },
589
+ {
590
+ "code": "SSTI_ERB",
591
+ "category": "injection",
592
+ "id": 315
593
+ },
594
+ {
595
+ "code": "SSTI_EJS",
596
+ "category": "injection",
597
+ "id": 316
598
+ },
599
+ {
600
+ "code": "SSTI_PUG",
601
+ "category": "injection",
602
+ "id": 317
603
+ },
604
+ {
605
+ "code": "SSTI_SMARTY",
606
+ "category": "injection",
607
+ "id": 318
608
+ },
609
+ {
610
+ "code": "SSTI_MAKO",
611
+ "category": "injection",
612
+ "id": 319
613
+ },
614
+ {
615
+ "code": "XXE_ERROR_BASED",
616
+ "category": "injection",
617
+ "id": 320
618
+ },
619
+ {
620
+ "code": "XXE_PARAMETER_ENTITY",
621
+ "category": "injection",
622
+ "id": 321
623
+ },
624
+ {
625
+ "code": "LFI_FILTER_BYPASS",
626
+ "category": "injection",
627
+ "id": 322
628
+ },
629
+ {
630
+ "code": "LFI_PROC_DISCLOSURE",
631
+ "category": "injection",
632
+ "id": 323
633
+ },
634
+ {
635
+ "code": "XXE_CLASSIC",
636
+ "category": "injection",
637
+ "id": 324
638
+ },
639
+ {
640
+ "code": "XXE_BLIND",
641
+ "category": "injection",
642
+ "id": 325
643
+ },
644
+ {
645
+ "code": "XXE_OOB",
646
+ "category": "injection",
647
+ "id": 326
648
+ },
649
+ {
650
+ "code": "LFI_PATH_TRAVERSAL",
651
+ "category": "injection",
652
+ "id": 327
653
+ },
654
+ {
655
+ "code": "LFI_SOURCE_DISCLOSURE",
656
+ "category": "injection",
657
+ "id": 328
658
+ },
659
+ {
660
+ "code": "LFI_WRAPPER_PROTOCOL",
661
+ "category": "injection",
662
+ "id": 329
663
+ },
664
+ {
665
+ "code": "XPATH_AUTH_BYPASS",
666
+ "category": "injection",
667
+ "id": 330
668
+ },
669
+ {
670
+ "code": "XPATH_DATA_EXTRACTION",
671
+ "category": "injection",
672
+ "id": 331
673
+ },
674
+ {
675
+ "code": "XPATH_BLIND",
676
+ "category": "injection",
677
+ "id": 332
678
+ },
679
+ {
680
+ "code": "XPATH_ERROR_BASED",
681
+ "category": "injection",
682
+ "id": 333
683
+ },
684
+ {
685
+ "code": "XSS_REFLECTED",
686
+ "category": "xss",
687
+ "id": 400
688
+ },
689
+ {
690
+ "code": "XSS_STORED",
691
+ "category": "xss",
692
+ "id": 401
693
+ },
694
+ {
695
+ "code": "XSS_DOM_BASED",
696
+ "category": "xss",
697
+ "id": 402
698
+ },
699
+ {
700
+ "code": "XSS_SVG_INJECTION",
701
+ "category": "xss",
702
+ "id": 403
703
+ },
704
+ {
705
+ "code": "XSS_CSTI_ANGULAR",
706
+ "category": "xss",
707
+ "id": 404
708
+ },
709
+ {
710
+ "code": "XSS_CSP_BYPASS",
711
+ "category": "xss",
712
+ "id": 405
713
+ },
714
+ {
715
+ "code": "XSS_JS_CONTEXT",
716
+ "category": "xss",
717
+ "id": 406
718
+ },
719
+ {
720
+ "code": "XSS_EVENT_HANDLER",
721
+ "category": "xss",
722
+ "id": 407
723
+ },
724
+ {
725
+ "code": "XSS_SCRIPT_INJECTION",
726
+ "category": "xss",
727
+ "id": 408
728
+ },
729
+ {
730
+ "code": "XSS_HTML_INJECTION",
731
+ "category": "xss",
732
+ "id": 409
733
+ },
734
+ {
735
+ "code": "XSS_ATTRIBUTE_INJECTION",
736
+ "category": "xss",
737
+ "id": 410
738
+ },
739
+ {
740
+ "code": "XSS_CSS_INJECTION",
741
+ "category": "xss",
742
+ "id": 411
743
+ },
744
+ {
745
+ "code": "XSS_TEMPLATE_LITERAL",
746
+ "category": "xss",
747
+ "id": 412
748
+ },
749
+ {
750
+ "code": "XSS_MUTATION_BASED",
751
+ "category": "xss",
752
+ "id": 413
753
+ },
754
+ {
755
+ "code": "XSS_CSTI_VUE",
756
+ "category": "xss",
757
+ "id": 414
758
+ },
759
+ {
760
+ "code": "SSRF_CLOUD_METADATA",
761
+ "category": "ssrf",
762
+ "id": 450
763
+ },
764
+ {
765
+ "code": "SSRF_INTERNAL_SERVICE",
766
+ "category": "ssrf",
767
+ "id": 451
768
+ },
769
+ {
770
+ "code": "SSRF_PROTOCOL_SMUGGLING",
771
+ "category": "ssrf",
772
+ "id": 452
773
+ },
774
+ {
775
+ "code": "SSRF_BLIND_OOB",
776
+ "category": "ssrf",
777
+ "id": 453
778
+ },
779
+ {
780
+ "code": "REDIRECT_HEADER_INJECTION",
781
+ "category": "ssrf",
782
+ "id": 454
783
+ },
784
+ {
785
+ "code": "REDIRECT_JS_NAVIGATION",
786
+ "category": "ssrf",
787
+ "id": 455
788
+ },
789
+ {
790
+ "code": "HOST_CACHE_POISONING",
791
+ "category": "ssrf",
792
+ "id": 456
793
+ },
794
+ {
795
+ "code": "HOST_PASSWORD_RESET",
796
+ "category": "ssrf",
797
+ "id": 457
798
+ },
799
+ {
800
+ "code": "SSRF_FILTER_BYPASS",
801
+ "category": "ssrf",
802
+ "id": 458
803
+ },
804
+ {
805
+ "code": "REDIRECT_META_REFRESH",
806
+ "category": "ssrf",
807
+ "id": 459
808
+ },
809
+ {
810
+ "code": "HOST_REDIRECT",
811
+ "category": "ssrf",
812
+ "id": 460
813
+ },
814
+ {
815
+ "code": "SENS_CRIT_AWS_CREDENTIALS",
816
+ "category": "sensitive-paths",
817
+ "id": 500
818
+ },
819
+ {
820
+ "code": "SENS_CRIT_SSH_PRIVATE_KEY",
821
+ "category": "sensitive-paths",
822
+ "id": 501
823
+ },
824
+ {
825
+ "code": "SENS_CRIT_SSL_PRIVATE_KEY",
826
+ "category": "sensitive-paths",
827
+ "id": 502
828
+ },
829
+ {
830
+ "code": "SENS_CRIT_RAILS_MASTER_KEY",
831
+ "category": "sensitive-paths",
832
+ "id": 503
833
+ },
834
+ {
835
+ "code": "SENS_CRIT_TERRAFORM_STATE",
836
+ "category": "sensitive-paths",
837
+ "id": 504
838
+ },
839
+ {
840
+ "code": "SENS_CRIT_KUBE_CONFIG",
841
+ "category": "sensitive-paths",
842
+ "id": 505
843
+ },
844
+ {
845
+ "code": "SENS_CRIT_VAULT_SECRET",
846
+ "category": "sensitive-paths",
847
+ "id": 506
848
+ },
849
+ {
850
+ "code": "SENS_HIGH_GIT_EXPOSED",
851
+ "category": "sensitive-paths",
852
+ "id": 507
853
+ },
854
+ {
855
+ "code": "SENS_HIGH_ENV_FILE",
856
+ "category": "sensitive-paths",
857
+ "id": 508
858
+ },
859
+ {
860
+ "code": "SENS_HIGH_WORDPRESS_CONFIG",
861
+ "category": "sensitive-paths",
862
+ "id": 509
863
+ },
864
+ {
865
+ "code": "SENS_HIGH_SPRING_ACTUATOR",
866
+ "category": "sensitive-paths",
867
+ "id": 510
868
+ },
869
+ {
870
+ "code": "SENS_HIGH_SPRING_HEAPDUMP",
871
+ "category": "sensitive-paths",
872
+ "id": 511
873
+ },
874
+ {
875
+ "code": "SENS_HIGH_PHPINFO",
876
+ "category": "sensitive-paths",
877
+ "id": 512
878
+ },
879
+ {
880
+ "code": "SENS_HIGH_LARAVEL_DEBUG",
881
+ "category": "sensitive-paths",
882
+ "id": 513
883
+ },
884
+ {
885
+ "code": "SENS_HIGH_GRAPHQL_INTROSPECTION",
886
+ "category": "sensitive-paths",
887
+ "id": 514
888
+ },
889
+ {
890
+ "code": "SENS_HIGH_DATABASE_BACKUP",
891
+ "category": "sensitive-paths",
892
+ "id": 515
893
+ },
894
+ {
895
+ "code": "SENS_MED_SWAGGER_DOCS",
896
+ "category": "sensitive-paths",
897
+ "id": 516
898
+ },
899
+ {
900
+ "code": "SENS_MED_PROMETHEUS_METRICS",
901
+ "category": "sensitive-paths",
902
+ "id": 517
903
+ },
904
+ {
905
+ "code": "SENS_MED_ADMIN_PANEL",
906
+ "category": "sensitive-paths",
907
+ "id": 518
908
+ },
909
+ {
910
+ "code": "SENS_MED_SOURCE_MAP",
911
+ "category": "sensitive-paths",
912
+ "id": 519
913
+ },
914
+ {
915
+ "code": "SENS_MED_UN_PROTECTED_CONFIG_JSON",
916
+ "category": "sensitive-paths",
917
+ "id": 520
918
+ },
919
+ {
920
+ "code": "SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED",
921
+ "category": "sensitive-paths",
922
+ "id": 521
923
+ },
924
+ {
925
+ "code": "SENS_HIGH_APPSETTINGS_JSON_EXPOSED",
926
+ "category": "sensitive-paths",
927
+ "id": 522
928
+ },
929
+ {
930
+ "code": "SENS_HIGH_SPRING_CONFIG_EXPOSED",
931
+ "category": "sensitive-paths",
932
+ "id": 523
933
+ },
934
+ {
935
+ "code": "SENS_HIGH_NPMRC_EXPOSED",
936
+ "category": "sensitive-paths",
937
+ "id": 524
938
+ },
939
+ {
940
+ "code": "SENS_LOW_TOML_PROJECT_FILE_EXPOSED",
941
+ "category": "sensitive-paths",
942
+ "id": 525
943
+ },
944
+ {
945
+ "code": "SENS_HIGH_RAILS_DATABASE_YML_EXPOSED",
946
+ "category": "sensitive-paths",
947
+ "id": 526
948
+ },
949
+ {
950
+ "code": "SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED",
951
+ "category": "sensitive-paths",
952
+ "id": 527
953
+ },
954
+ {
955
+ "code": "SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED",
956
+ "category": "sensitive-paths",
957
+ "id": 528
958
+ },
959
+ {
960
+ "code": "SENS_HIGH_JOLOKIA_EXPOSED",
961
+ "category": "sensitive-paths",
962
+ "id": 529
963
+ },
964
+ {
965
+ "code": "SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED",
966
+ "category": "sensitive-paths",
967
+ "id": 530
968
+ },
969
+ {
970
+ "code": "SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED",
971
+ "category": "sensitive-paths",
972
+ "id": 531
973
+ },
974
+ {
975
+ "code": "SENS_MED_MERCURIAL_REPOSITORY_FOUND",
976
+ "category": "sensitive-paths",
977
+ "id": 532
978
+ },
979
+ {
980
+ "code": "SENS_MED_MERCURIAL_HGRC_EXPOSED",
981
+ "category": "sensitive-paths",
982
+ "id": 533
983
+ },
984
+ {
985
+ "code": "SENS_MED_CVS_ROOT_EXPOSED",
986
+ "category": "sensitive-paths",
987
+ "id": 534
988
+ },
989
+ {
990
+ "code": "SENS_MED_CVS_ENTRIES_EXPOSED",
991
+ "category": "sensitive-paths",
992
+ "id": 535
993
+ },
994
+ {
995
+ "code": "SENS_MED_BAZAAR_REPO_EXPOSED",
996
+ "category": "sensitive-paths",
997
+ "id": 536
998
+ },
999
+ {
1000
+ "code": "SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED",
1001
+ "category": "sensitive-paths",
1002
+ "id": 537
1003
+ },
1004
+ {
1005
+ "code": "SENS_HIGH_REDIS_RDB_DUMP_DETECTED",
1006
+ "category": "sensitive-paths",
1007
+ "id": 538
1008
+ },
1009
+ {
1010
+ "code": "SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED",
1011
+ "category": "sensitive-paths",
1012
+ "id": 539
1013
+ },
1014
+ {
1015
+ "code": "SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED",
1016
+ "category": "sensitive-paths",
1017
+ "id": 540
1018
+ },
1019
+ {
1020
+ "code": "SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED",
1021
+ "category": "sensitive-paths",
1022
+ "id": 541
1023
+ },
1024
+ {
1025
+ "code": "SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED",
1026
+ "category": "sensitive-paths",
1027
+ "id": 542
1028
+ },
1029
+ {
1030
+ "code": "SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED",
1031
+ "category": "sensitive-paths",
1032
+ "id": 543
1033
+ },
1034
+ {
1035
+ "code": "SENS_HIGH_TRACE_AXD",
1036
+ "category": "sensitive-paths",
1037
+ "id": 544
1038
+ },
1039
+ {
1040
+ "code": "SENS_HIGH_ELMAH_AXD_EXPOSED",
1041
+ "category": "sensitive-paths",
1042
+ "id": 545
1043
+ },
1044
+ {
1045
+ "code": "SENS_MED_LARAVEL_LOG_VIEWER_ENABLED",
1046
+ "category": "sensitive-paths",
1047
+ "id": 546
1048
+ },
1049
+ {
1050
+ "code": "SENS_MED_APACHE_HTACCESS_FILE_DETECTED",
1051
+ "category": "sensitive-paths",
1052
+ "id": 547
1053
+ },
1054
+ {
1055
+ "code": "SENS_MED_APACHE_SERVER_INFO_EXPOSED",
1056
+ "category": "sensitive-paths",
1057
+ "id": 548
1058
+ },
1059
+ {
1060
+ "code": "SENS_HIGH_SQLITE_DATABASE_DETECTED",
1061
+ "category": "sensitive-paths",
1062
+ "id": 549
1063
+ },
1064
+ {
1065
+ "code": "SENS_MED_PACKAGE_DEPENDENCIES_DETECTED",
1066
+ "category": "sensitive-paths",
1067
+ "id": 550
1068
+ },
1069
+ {
1070
+ "code": "SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED",
1071
+ "category": "sensitive-paths",
1072
+ "id": 551
1073
+ },
1074
+ {
1075
+ "code": "SENS_LOW_PYTHON_REQUIREMENTS_DETECTED",
1076
+ "category": "sensitive-paths",
1077
+ "id": 552
1078
+ },
1079
+ {
1080
+ "code": "SENS_HIGH_AWS_CONFIG_EXPOSED",
1081
+ "category": "sensitive-paths",
1082
+ "id": 553
1083
+ },
1084
+ {
1085
+ "code": "SENS_HIGH_AZURE_CREDENTIALS_EXPOSED",
1086
+ "category": "sensitive-paths",
1087
+ "id": 554
1088
+ },
1089
+ {
1090
+ "code": "SENS_HIGH_HELM_VALUES_EXPOSED",
1091
+ "category": "sensitive-paths",
1092
+ "id": 555
1093
+ },
1094
+ {
1095
+ "code": "SENS_MED_SSH_PUBLIC_KEY_EXPOSED",
1096
+ "category": "sensitive-paths",
1097
+ "id": 556
1098
+ },
1099
+ {
1100
+ "code": "SENS_MED_SSL_CERTIFICATE_EXPOSED",
1101
+ "category": "sensitive-paths",
1102
+ "id": 557
1103
+ },
1104
+ {
1105
+ "code": "SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED",
1106
+ "category": "sensitive-paths",
1107
+ "id": 558
1108
+ },
1109
+ {
1110
+ "code": "SENS_MED_GRAPHI_QL_EXPOSED",
1111
+ "category": "sensitive-paths",
1112
+ "id": 559
1113
+ },
1114
+ {
1115
+ "code": "SENS_MED_TERRAFORM_LOCK_EXPOSED",
1116
+ "category": "sensitive-paths",
1117
+ "id": 560
1118
+ },
1119
+ {
1120
+ "code": "SENS_HIGH_TERRAFORM_VARS_EXPOSED",
1121
+ "category": "sensitive-paths",
1122
+ "id": 561
1123
+ },
1124
+ {
1125
+ "code": "SENS_MED_ERROR_LOG_EXPOSED",
1126
+ "category": "sensitive-paths",
1127
+ "id": 562
1128
+ },
1129
+ {
1130
+ "code": "SENS_MED_ACCESS_LOG_EXPOSED",
1131
+ "category": "sensitive-paths",
1132
+ "id": 563
1133
+ },
1134
+ {
1135
+ "code": "SENS_MED_DEBUG_LOG_EXPOSED",
1136
+ "category": "sensitive-paths",
1137
+ "id": 564
1138
+ },
1139
+ {
1140
+ "code": "SENS_MED_APPLICATION_LOG_EXPOSED",
1141
+ "category": "sensitive-paths",
1142
+ "id": 565
1143
+ },
1144
+ {
1145
+ "code": "SENS_HIGH_LARAVEL_LOG_EXPOSED",
1146
+ "category": "sensitive-paths",
1147
+ "id": 566
1148
+ },
1149
+ {
1150
+ "code": "SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED",
1151
+ "category": "sensitive-paths",
1152
+ "id": 567
1153
+ },
1154
+ {
1155
+ "code": "SENS_HIGH_ADMINER_EXPOSED",
1156
+ "category": "sensitive-paths",
1157
+ "id": 568
1158
+ },
1159
+ {
1160
+ "code": "SENS_MED_WSDL_EXPOSED",
1161
+ "category": "sensitive-paths",
1162
+ "id": 569
1163
+ },
1164
+ {
1165
+ "code": "SENS_HIGH_DEBUG_ENDPOINT_EXPOSED",
1166
+ "category": "sensitive-paths",
1167
+ "id": 570
1168
+ },
1169
+ {
1170
+ "code": "SENS_HIGH_GO_DEBUG_VARS_EXPOSED",
1171
+ "category": "sensitive-paths",
1172
+ "id": 571
1173
+ },
1174
+ {
1175
+ "code": "SENS_HIGH_GO_PPROF_EXPOSED",
1176
+ "category": "sensitive-paths",
1177
+ "id": 572
1178
+ },
1179
+ {
1180
+ "code": "SENS_MED_WORD_PRESS_XML_RPC_EXPOSED",
1181
+ "category": "sensitive-paths",
1182
+ "id": 573
1183
+ },
1184
+ {
1185
+ "code": "SENS_LOW_TEST_ENDPOINT_EXPOSED",
1186
+ "category": "sensitive-paths",
1187
+ "id": 574
1188
+ },
1189
+ {
1190
+ "code": "SENS_LOW_STAGING_ENDPOINT_EXPOSED",
1191
+ "category": "sensitive-paths",
1192
+ "id": 575
1193
+ },
1194
+ {
1195
+ "code": "SENS_LOW_EDITOR_BACKUP_FILE_DETECTED",
1196
+ "category": "sensitive-paths",
1197
+ "id": 576
1198
+ },
1199
+ {
1200
+ "code": "SENS_LOW_VIM_SWAP_FILE_DETECTED",
1201
+ "category": "sensitive-paths",
1202
+ "id": 577
1203
+ },
1204
+ {
1205
+ "code": "SENS_LOW_DIRECTORY_LISTING_ENABLED",
1206
+ "category": "sensitive-paths",
1207
+ "id": 578
1208
+ },
1209
+ {
1210
+ "code": "SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED",
1211
+ "category": "sensitive-paths",
1212
+ "id": 579
1213
+ },
1214
+ {
1215
+ "code": "SENS_HIGH_MONGO_RC_EXPOSED",
1216
+ "category": "sensitive-paths",
1217
+ "id": 580
1218
+ },
1219
+ {
1220
+ "code": "SENS_LOW_AWSSAM_TEMPLATE_EXPOSED",
1221
+ "category": "sensitive-paths",
1222
+ "id": 581
1223
+ },
1224
+ {
1225
+ "code": "SENS_LOW_SERVERLESS_CONFIG_EXPOSED",
1226
+ "category": "sensitive-paths",
1227
+ "id": 582
1228
+ },
1229
+ {
1230
+ "code": "SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED",
1231
+ "category": "sensitive-paths",
1232
+ "id": 583
1233
+ }
1234
+ ]
1235
+ }
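Review bot: Several codes in `entries` spell the same product two ways, and that becomes hard to correct once numeric ids are pinned to them: `SENS_HIGH_WORDPRESS_CONFIG` (509) against `SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED` (567) and `SENS_MED_WORD_PRESS_XML_RPC_EXPOSED` (573), and `SENS_HIGH_GRAPHQL_INTROSPECTION` (514) against `SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED` (558) and `SENS_MED_GRAPHI_QL_EXPOSED` (559). A consumer that filters, suppresses or alerts on findings by code substring would silently miss the split variants, so I would normalise them before this registry ships, e.g. `"code": "SENS_HIGH_WORDPRESS_DEBUG_LOG_EXPOSED"` and `"code": "SENS_MED_GRAPHQL_ENDPOINT_EXPOSED"`. If this file is produced by `scripts/assign-ids.ts` (listed in the changed files), the rename presumably belongs in the category sources rather than here. Separately, `HEADER_MISSING_XSS_PROTECTION` (256) and `HEADER_X_XSS_PROTECTION_ENABLED` (262) look like findings for opposite states of the same header; the detection logic is not visible in this hunk, but it is worth confirming that a site cannot be flagged whichever way it sets `X-XSS-Protection`.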