@zerothreatai/vulnerability-registry 4.0.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (99) hide show
  1. package/dist/categories/authentication.js +17 -17
  2. package/dist/categories/configuration.js +80 -80
  3. package/dist/categories/injection.js +34 -34
  4. package/dist/categories/sensitive-paths.js +84 -84
  5. package/dist/categories/ssrf.js +11 -11
  6. package/dist/categories/xss.js +15 -15
  7. package/dist/compliance-codes.d.ts +207 -0
  8. package/dist/compliance-codes.js +213 -0
  9. package/dist/compliances/gdpr.d.ts +2 -0
  10. package/dist/compliances/gdpr.js +252 -0
  11. package/dist/compliances/helpers.d.ts +6 -0
  12. package/dist/compliances/helpers.js +11 -0
  13. package/dist/compliances/hipaa.d.ts +2 -0
  14. package/dist/compliances/hipaa.js +187 -0
  15. package/dist/compliances/index.d.ts +5 -0
  16. package/dist/compliances/index.js +5 -0
  17. package/dist/compliances/owasp.d.ts +2 -0
  18. package/dist/compliances/owasp.js +127 -0
  19. package/dist/compliances/pci-dss.d.ts +2 -0
  20. package/dist/compliances/pci-dss.js +260 -0
  21. package/dist/compliances/sans-top-25.d.ts +2 -0
  22. package/dist/compliances/sans-top-25.js +242 -0
  23. package/dist/index.d.ts +7 -1
  24. package/dist/index.js +7 -1
  25. package/dist/types.d.ts +33 -0
  26. package/dist/types.js +11 -1
  27. package/dist-cjs/categories/authentication.js +17 -17
  28. package/dist-cjs/categories/configuration.js +80 -80
  29. package/dist-cjs/categories/injection.js +34 -34
  30. package/dist-cjs/categories/sensitive-paths.js +84 -84
  31. package/dist-cjs/categories/ssrf.js +11 -11
  32. package/dist-cjs/categories/xss.js +15 -15
  33. package/dist-cjs/compliance-codes.js +216 -0
  34. package/dist-cjs/compliances/gdpr.js +255 -0
  35. package/dist-cjs/compliances/helpers.js +19 -0
  36. package/dist-cjs/compliances/hipaa.js +190 -0
  37. package/dist-cjs/compliances/index.js +13 -0
  38. package/dist-cjs/compliances/owasp.js +130 -0
  39. package/dist-cjs/compliances/pci-dss.js +263 -0
  40. package/dist-cjs/compliances/sans-top-25.js +245 -0
  41. package/dist-cjs/index.js +12 -1
  42. package/dist-cjs/types.js +12 -0
  43. package/package.json +40 -32
  44. package/scripts/assign-ids.ts +105 -0
  45. package/scripts/check-duplicate-ids.ts +45 -0
  46. package/src/categories/authentication.ts +17 -17
  47. package/src/categories/configuration.ts +80 -80
  48. package/src/categories/injection.ts +34 -34
  49. package/src/categories/sensitive-paths.ts +84 -84
  50. package/src/categories/ssrf.ts +11 -11
  51. package/src/categories/xss.ts +15 -15
  52. package/src/compliance-codes.ts +216 -0
  53. package/src/compliances/README.md +82 -0
  54. package/src/compliances/gdpr.ts +258 -0
  55. package/src/compliances/helpers.ts +29 -0
  56. package/src/compliances/hipaa.ts +193 -0
  57. package/src/compliances/index.ts +5 -0
  58. package/src/compliances/owasp.ts +133 -0
  59. package/src/compliances/pci-dss.ts +266 -0
  60. package/src/compliances/sans-top-25.ts +246 -0
  61. package/src/id-registry.json +1235 -0
  62. package/src/index.ts +12 -1
  63. package/src/types.ts +40 -4
  64. package/src/categories/authentication.d.ts +0 -8
  65. package/src/categories/authentication.d.ts.map +0 -1
  66. package/src/categories/authentication.js +0 -392
  67. package/src/categories/authentication.js.map +0 -1
  68. package/src/categories/configuration.d.ts +0 -8
  69. package/src/categories/configuration.d.ts.map +0 -1
  70. package/src/categories/configuration.js +0 -1782
  71. package/src/categories/configuration.js.map +0 -1
  72. package/src/categories/injection.d.ts +0 -8
  73. package/src/categories/injection.d.ts.map +0 -1
  74. package/src/categories/injection.js +0 -781
  75. package/src/categories/injection.js.map +0 -1
  76. package/src/categories/sensitive-paths.d.ts +0 -9
  77. package/src/categories/sensitive-paths.d.ts.map +0 -1
  78. package/src/categories/sensitive-paths.js +0 -1872
  79. package/src/categories/sensitive-paths.js.map +0 -1
  80. package/src/categories/ssrf.d.ts +0 -8
  81. package/src/categories/ssrf.d.ts.map +0 -1
  82. package/src/categories/ssrf.js +0 -258
  83. package/src/categories/ssrf.js.map +0 -1
  84. package/src/categories/xss.d.ts +0 -7
  85. package/src/categories/xss.d.ts.map +0 -1
  86. package/src/categories/xss.js +0 -340
  87. package/src/categories/xss.js.map +0 -1
  88. package/src/error-codes.d.ts +0 -280
  89. package/src/error-codes.d.ts.map +0 -1
  90. package/src/error-codes.js +0 -350
  91. package/src/error-codes.js.map +0 -1
  92. package/src/index.d.ts +0 -60
  93. package/src/index.d.ts.map +0 -1
  94. package/src/index.js +0 -92
  95. package/src/index.js.map +0 -1
  96. package/src/types.d.ts +0 -88
  97. package/src/types.d.ts.map +0 -1
  98. package/src/types.js +0 -6
  99. package/src/types.js.map +0 -1
package/dist-cjs/categories/configuration.js CHANGED
@@ -12,7 +12,7 @@ exports.CONFIG_VULNERABILITIES = {
12
12
  // SECURITY HEADERS
13
13
  // ========================================
14
14
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_CSP]: {
15
- id: 69,
15
+ id: 200,
16
16
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_CSP,
17
17
  title: 'Missing Security Header - Content-Security-Policy',
18
18
  description: 'The application does not implement Content-Security-Policy header, leaving it vulnerable to cross-site scripting attacks that could be mitigated by restricting the sources from which scripts, styles, and other resources can be loaded into the page.',
@@ -34,7 +34,7 @@ exports.CONFIG_VULNERABILITIES = {
34
34
  remediation: 'Implement Content-Security-Policy header with strict directives. Start with default-src self and progressively add required sources. Use nonce-based CSP for inline scripts.',
35
35
  },
36
36
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_HSTS]: {
37
- id: 70,
37
+ id: 201,
38
38
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_HSTS,
39
39
  title: 'Missing Security Header - Strict-Transport-Security',
40
40
  description: 'The application does not implement HSTS (HTTP Strict Transport Security) header, leaving users vulnerable to SSL stripping attacks and man-in-the-middle downgrades from HTTPS to HTTP connections on initial visits or after cookie expiration.',
@@ -56,7 +56,7 @@ exports.CONFIG_VULNERABILITIES = {
56
56
  remediation: 'Add Strict-Transport-Security header with max-age of at least 31536000 (1 year). Include includeSubDomains directive. Consider HSTS preloading for maximum protection.',
57
57
  },
58
58
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE]: {
59
- id: 1011,
59
+ id: 202,
60
60
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE,
61
61
  title: 'HSTS Misconfiguration - Invalid Max-Age',
62
62
  description: 'The Strict-Transport-Security header uses an invalid or malformed max-age value, preventing reliable HTTPS enforcement.',
@@ -78,7 +78,7 @@ exports.CONFIG_VULNERABILITIES = {
78
78
  remediation: 'Set a valid numeric max-age on Strict-Transport-Security (at least 31536000).',
79
79
  },
80
80
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE]: {
81
- id: 1012,
81
+ id: 203,
82
82
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE,
83
83
  title: 'HSTS Misconfiguration - Max-Age Too Short',
84
84
  description: 'The Strict-Transport-Security header uses a short max-age value that weakens HTTPS enforcement and allows downgrade risk to return quickly.',
@@ -100,7 +100,7 @@ exports.CONFIG_VULNERABILITIES = {
100
100
  remediation: 'Increase max-age to at least 31536000 (1 year) to provide durable HTTPS enforcement.',
101
101
  },
102
102
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS]: {
103
- id: 1013,
103
+ id: 204,
104
104
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS,
105
105
  title: 'HSTS Misconfiguration - Missing includeSubDomains',
106
106
  description: 'The Strict-Transport-Security header is missing includeSubDomains, leaving subdomains unprotected from downgrade and stripping attacks.',
@@ -122,7 +122,7 @@ exports.CONFIG_VULNERABILITIES = {
122
122
  remediation: 'Add includeSubDomains to the HSTS header to protect all subdomains.',
123
123
  },
124
124
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE]: {
125
- id: 1018,
125
+ id: 205,
126
126
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE,
127
127
  title: 'HSTS Preload Requirements Not Met',
128
128
  description: 'The HSTS header indicates preload intent but does not meet preload requirements, such as a sufficiently long max-age or includeSubDomains, reducing preload effectiveness.',
@@ -144,7 +144,7 @@ exports.CONFIG_VULNERABILITIES = {
144
144
  remediation: 'Ensure HSTS max-age is at least 31536000, include includeSubDomains, and add preload before submitting to the preload list.',
145
145
  },
146
146
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XFRAME]: {
147
- id: 71,
147
+ id: 206,
148
148
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XFRAME,
149
149
  title: 'Missing Security Header - X-Frame-Options',
150
150
  description: 'The application does not set X-Frame-Options header, making it vulnerable to clickjacking attacks where malicious websites can embed the application in invisible iframes and trick users into performing unintended actions through deceptive UI overlays.',
@@ -166,7 +166,7 @@ exports.CONFIG_VULNERABILITIES = {
166
166
  remediation: 'Set X-Frame-Options header to DENY or SAMEORIGIN. Use Content-Security-Policy frame-ancestors directive for more granular control. Both headers can be used together for compatibility.',
167
167
  },
168
168
  [error_codes_js_1.VulnerabilityCode.HEADER_WEAK_CSP]: {
169
- id: 72,
169
+ id: 207,
170
170
  code: error_codes_js_1.VulnerabilityCode.HEADER_WEAK_CSP,
171
171
  title: 'Weak Content-Security-Policy Configuration',
172
172
  description: 'The Content-Security-Policy header contains unsafe directives like unsafe-inline, unsafe-eval, or overly permissive source allowlists that significantly reduce its effectiveness as an XSS mitigation and may create false sense of security.',
@@ -188,7 +188,7 @@ exports.CONFIG_VULNERABILITIES = {
188
188
  remediation: 'Remove unsafe-inline and unsafe-eval directives. Use nonce-based or hash-based CSP for inline scripts. Restrict source allowlists to specific trusted domains rather than wildcards.',
189
189
  },
190
190
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_REPORT_ONLY]: {
191
- id: 1001,
191
+ id: 208,
192
192
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_REPORT_ONLY,
193
193
  title: 'Content-Security-Policy Report-Only Enabled',
194
194
  description: 'The Content-Security-Policy header is deployed in report-only mode, which does not enforce protections and allows unsafe content to execute while only logging violations.',
@@ -210,7 +210,7 @@ exports.CONFIG_VULNERABILITIES = {
210
210
  remediation: 'Switch to enforcing Content-Security-Policy once violations are reviewed. Use report-only during rollout, then enforce with strict directives.',
211
211
  },
212
212
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES]: {
213
- id: 1002,
213
+ id: 209,
214
214
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES,
215
215
  title: 'Content-Security-Policy Contains Unsafe Directives',
216
216
  description: 'The Content-Security-Policy header includes unsafe directives such as unsafe-inline or unsafe-eval that reduce XSS protection and allow risky script execution paths.',
@@ -232,7 +232,7 @@ exports.CONFIG_VULNERABILITIES = {
232
232
  remediation: 'Remove unsafe-inline and unsafe-eval directives. Replace inline scripts with nonces or hashes and restrict sources to trusted domains.',
233
233
  },
234
234
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT]: {
235
- id: 1003,
235
+ id: 210,
236
236
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT,
237
237
  title: 'Content-Security-Policy Allows data: in script-src',
238
238
  description: 'The CSP allows data: URIs for script execution, which can enable script injection through crafted data URLs and weaken XSS protections.',
@@ -254,7 +254,7 @@ exports.CONFIG_VULNERABILITIES = {
254
254
  remediation: 'Remove data: from script-src. Use nonce or hash-based CSP for any required inline scripts.',
255
255
  },
256
256
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT]: {
257
- id: 1004,
257
+ id: 211,
258
258
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT,
259
259
  title: 'Content-Security-Policy Allows blob: in script-src',
260
260
  description: 'The CSP allows blob: URIs for script execution, which can be abused to load attacker-controlled scripts in some contexts and weaken XSS mitigations.',
@@ -276,7 +276,7 @@ exports.CONFIG_VULNERABILITIES = {
276
276
  remediation: 'Remove blob: from script-src unless strictly required. Use a narrower allowlist or nonces for trusted scripts.',
277
277
  },
278
278
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT]: {
279
- id: 1005,
279
+ id: 212,
280
280
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT,
281
281
  title: 'Content-Security-Policy default-src Uses Wildcard',
282
282
  description: 'The CSP default-src directive allows all origins, which effectively disables the protection and allows untrusted content to load.',
@@ -298,7 +298,7 @@ exports.CONFIG_VULNERABILITIES = {
298
298
  remediation: 'Replace wildcard default-src with explicit trusted origins and tighten resource-specific directives.',
299
299
  },
300
300
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_BASE_URI]: {
301
- id: 1006,
301
+ id: 213,
302
302
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_BASE_URI,
303
303
  title: 'Content-Security-Policy Missing base-uri Directive',
304
304
  description: 'The CSP does not include a base-uri directive, allowing the base URL to be set by injected markup and enabling abuse of relative URL resolution.',
@@ -320,7 +320,7 @@ exports.CONFIG_VULNERABILITIES = {
320
320
  remediation: 'Add base-uri \'self\' (or a strict allowlist) to CSP to prevent base tag abuse.',
321
321
  },
322
322
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC]: {
323
- id: 1007,
323
+ id: 214,
324
324
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC,
325
325
  title: 'Content-Security-Policy Missing object-src Directive',
326
326
  description: 'The CSP does not include an object-src directive, allowing embedded objects to load from arbitrary origins and weakening defense-in-depth against plugin-based risks.',
@@ -342,7 +342,7 @@ exports.CONFIG_VULNERABILITIES = {
342
342
  remediation: 'Add object-src \'none\' (or a strict allowlist) to CSP to prevent plugin content loading.',
343
343
  },
344
344
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS]: {
345
- id: 1008,
345
+ id: 215,
346
346
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS,
347
347
  title: 'Content-Security-Policy Missing frame-ancestors Directive',
348
348
  description: 'The CSP does not include a frame-ancestors directive, leaving pages potentially frameable and vulnerable to clickjacking attacks.',
@@ -364,7 +364,7 @@ exports.CONFIG_VULNERABILITIES = {
364
364
  remediation: 'Add frame-ancestors \'none\' or a strict allowlist to CSP to prevent clickjacking.',
365
365
  },
366
366
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_MISCONFIGURED]: {
367
- id: 73,
367
+ id: 216,
368
368
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_MISCONFIGURED,
369
369
  title: 'CORS Misconfiguration',
370
370
  description: 'Cross-Origin Resource Sharing is misconfigured with overly permissive Access-Control-Allow-Origin headers including wildcard (*) with credentials, or dynamic reflection of Origin header without proper validation, enabling cross-origin data theft.',
@@ -386,7 +386,7 @@ exports.CONFIG_VULNERABILITIES = {
386
386
  remediation: 'Implement strict Origin validation with allowlist of trusted domains. Never reflect Origin header without validation. Do not use wildcard with Access-Control-Allow-Credentials.',
387
387
  },
388
388
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS]: {
389
- id: 1014,
389
+ id: 217,
390
390
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS,
391
391
  title: 'CORS Wildcard With Credentials',
392
392
  description: 'Access-Control-Allow-Origin is set to * while Access-Control-Allow-Credentials is enabled, which browsers block but signals a dangerous CORS policy that can be misapplied in some environments.',
@@ -408,7 +408,7 @@ exports.CONFIG_VULNERABILITIES = {
408
408
  remediation: 'Never use wildcard origins with credentials. Replace * with an explicit allowlist and set Vary: Origin.',
409
409
  },
410
410
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY]: {
411
- id: 1015,
411
+ id: 218,
412
412
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY,
413
413
  title: 'CORS Origin Reflection Without Vary',
414
414
  description: 'The Origin header is reflected in Access-Control-Allow-Origin without Vary: Origin, which can lead to cache poisoning and unintended cross-origin access.',
@@ -430,7 +430,7 @@ exports.CONFIG_VULNERABILITIES = {
430
430
  remediation: 'Validate origins against an allowlist and always include Vary: Origin when dynamically setting Access-Control-Allow-Origin.',
431
431
  },
432
432
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_NULL_ORIGIN]: {
433
- id: 1016,
433
+ id: 219,
434
434
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_NULL_ORIGIN,
435
435
  title: 'CORS Allows Null Origin',
436
436
  description: 'Access-Control-Allow-Origin allows the null origin, enabling requests from opaque origins such as sandboxed iframes and file URLs that can be abused to access sensitive data.',
@@ -452,7 +452,7 @@ exports.CONFIG_VULNERABILITIES = {
452
452
  remediation: 'Remove null from allowed origins. Restrict CORS to explicit trusted domains only.',
453
453
  },
454
454
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN]: {
455
- id: 1017,
455
+ id: 220,
456
456
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN,
457
457
  title: 'CORS Allows Wildcard Subdomains',
458
458
  description: 'CORS policies allow wildcard subdomains that can be abused if any subdomain is compromised or can be controlled by untrusted parties.',
@@ -477,7 +477,7 @@ exports.CONFIG_VULNERABILITIES = {
477
477
  // DIRECTORY BROWSING
478
478
  // ========================================
479
479
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC]: {
480
- id: 2000,
480
+ id: 221,
481
481
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC,
482
482
  title: 'Directory Listing Enabled (Generic)',
483
483
  description: 'Directory listing is enabled and exposes directory contents to unauthenticated visitors, revealing application structure and file names.',
@@ -499,7 +499,7 @@ exports.CONFIG_VULNERABILITIES = {
499
499
  remediation: 'Disable directory listing in the web server configuration and ensure directories have index files.',
500
500
  },
501
501
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE]: {
502
- id: 2001,
502
+ id: 222,
503
503
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE,
504
504
  title: 'Directory Listing Exposing Sensitive Content (Generic)',
505
505
  description: 'Directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -521,7 +521,7 @@ exports.CONFIG_VULNERABILITIES = {
521
521
  remediation: 'Disable directory listing and remove sensitive files from web-accessible directories.',
522
522
  },
523
523
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE]: {
524
- id: 2002,
524
+ id: 223,
525
525
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE,
526
526
  title: 'Apache Autoindex Enabled',
527
527
  description: 'Apache autoindex is enabled, exposing directory contents to unauthenticated visitors.',
@@ -543,7 +543,7 @@ exports.CONFIG_VULNERABILITIES = {
543
543
  remediation: 'Disable autoindex in Apache (Options -Indexes) and add index files.',
544
544
  },
545
545
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE]: {
546
- id: 2003,
546
+ id: 224,
547
547
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE,
548
548
  title: 'Apache Autoindex Exposing Sensitive Content',
549
549
  description: 'Apache autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -565,7 +565,7 @@ exports.CONFIG_VULNERABILITIES = {
565
565
  remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
566
566
  },
567
567
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX]: {
568
- id: 2004,
568
+ id: 225,
569
569
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX,
570
570
  title: 'Nginx Autoindex Enabled',
571
571
  description: 'Nginx autoindex is enabled, exposing directory contents to unauthenticated visitors.',
@@ -587,7 +587,7 @@ exports.CONFIG_VULNERABILITIES = {
587
587
  remediation: 'Disable autoindex in nginx (autoindex off) and add index files.',
588
588
  },
589
589
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE]: {
590
- id: 2005,
590
+ id: 226,
591
591
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE,
592
592
  title: 'Nginx Autoindex Exposing Sensitive Content',
593
593
  description: 'Nginx autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -609,7 +609,7 @@ exports.CONFIG_VULNERABILITIES = {
609
609
  remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
610
610
  },
611
611
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS]: {
612
- id: 2006,
612
+ id: 227,
613
613
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS,
614
614
  title: 'IIS Directory Browsing Enabled',
615
615
  description: 'IIS directory browsing is enabled, exposing directory contents to unauthenticated visitors.',
@@ -631,7 +631,7 @@ exports.CONFIG_VULNERABILITIES = {
631
631
  remediation: 'Disable directory browsing in IIS and ensure directories have index files.',
632
632
  },
633
633
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE]: {
634
- id: 2007,
634
+ id: 228,
635
635
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE,
636
636
  title: 'IIS Directory Browsing Exposing Sensitive Content',
637
637
  description: 'IIS directory browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -653,7 +653,7 @@ exports.CONFIG_VULNERABILITIES = {
653
653
  remediation: 'Disable directory browsing and remove sensitive files from web-accessible directories.',
654
654
  },
655
655
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT]: {
656
- id: 2008,
656
+ id: 229,
657
657
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT,
658
658
  title: 'Tomcat Directory Listing Enabled',
659
659
  description: 'Tomcat directory listing is enabled, exposing directory contents to unauthenticated visitors.',
@@ -675,7 +675,7 @@ exports.CONFIG_VULNERABILITIES = {
675
675
  remediation: 'Disable directory listings in Tomcat and add index files to web directories.',
676
676
  },
677
677
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE]: {
678
- id: 2009,
678
+ id: 230,
679
679
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE,
680
680
  title: 'Tomcat Directory Listing Exposing Sensitive Content',
681
681
  description: 'Tomcat directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -697,7 +697,7 @@ exports.CONFIG_VULNERABILITIES = {
697
697
  remediation: 'Disable directory listings and remove sensitive files from web-accessible directories.',
698
698
  },
699
699
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY]: {
700
- id: 2010,
700
+ id: 231,
701
701
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY,
702
702
  title: 'Caddy File Server Browsing Enabled',
703
703
  description: 'Caddy file server browsing is enabled, exposing directory contents to unauthenticated visitors.',
@@ -719,7 +719,7 @@ exports.CONFIG_VULNERABILITIES = {
719
719
  remediation: 'Disable file_server browse in Caddy or restrict browsing to trusted users.',
720
720
  },
721
721
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE]: {
722
- id: 2011,
722
+ id: 232,
723
723
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE,
724
724
  title: 'Caddy File Server Browsing Exposing Sensitive Content',
725
725
  description: 'Caddy file server browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -741,7 +741,7 @@ exports.CONFIG_VULNERABILITIES = {
741
741
  remediation: 'Disable file_server browse and remove sensitive files from web-accessible directories.',
742
742
  },
743
743
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV]: {
744
- id: 2012,
744
+ id: 233,
745
745
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV,
746
746
  title: 'WebDAV Directory Listing Enabled',
747
747
  description: 'WebDAV responses expose directory contents, allowing unauthenticated browsing of files and folders.',
@@ -763,7 +763,7 @@ exports.CONFIG_VULNERABILITIES = {
763
763
  remediation: 'Disable unauthenticated WebDAV browsing or restrict access with authentication and authorization.',
764
764
  },
765
765
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE]: {
766
- id: 2013,
766
+ id: 234,
767
767
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE,
768
768
  title: 'WebDAV Directory Listing Exposing Sensitive Content',
769
769
  description: 'WebDAV responses expose directories containing sensitive files such as backups, credentials, or configuration artifacts.',
@@ -785,7 +785,7 @@ exports.CONFIG_VULNERABILITIES = {
785
785
  remediation: 'Disable unauthenticated WebDAV browsing and remove sensitive files from exposed directories.',
786
786
  },
787
787
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3]: {
788
- id: 2014,
788
+ id: 235,
789
789
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3,
790
790
  title: 'S3 Bucket Listing Enabled',
791
791
  description: 'An S3 bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
@@ -807,7 +807,7 @@ exports.CONFIG_VULNERABILITIES = {
807
807
  remediation: 'Disable public ListBucket access and restrict bucket policies to authorized principals.',
808
808
  },
809
809
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3_SENSITIVE]: {
810
- id: 2015,
810
+ id: 236,
811
811
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3_SENSITIVE,
812
812
  title: 'S3 Bucket Listing Exposing Sensitive Content',
813
813
  description: 'An S3 bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
@@ -829,7 +829,7 @@ exports.CONFIG_VULNERABILITIES = {
829
829
  remediation: 'Remove public ListBucket access and rotate any exposed credentials or secrets.',
830
830
  },
831
831
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS]: {
832
- id: 2016,
832
+ id: 237,
833
833
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS,
834
834
  title: 'GCS Bucket Listing Enabled',
835
835
  description: 'A Google Cloud Storage bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
@@ -851,7 +851,7 @@ exports.CONFIG_VULNERABILITIES = {
851
851
  remediation: 'Restrict bucket IAM policies to authorized principals and disable anonymous listing.',
852
852
  },
853
853
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE]: {
854
- id: 2017,
854
+ id: 238,
855
855
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE,
856
856
  title: 'GCS Bucket Listing Exposing Sensitive Content',
857
857
  description: 'A Google Cloud Storage bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
@@ -873,7 +873,7 @@ exports.CONFIG_VULNERABILITIES = {
873
873
  remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
874
874
  },
875
875
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB]: {
876
- id: 2018,
876
+ id: 239,
877
877
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB,
878
878
  title: 'Azure Blob Container Listing Enabled',
879
879
  description: 'An Azure Blob container listing is exposed, allowing unauthenticated enumeration of blob names.',
@@ -895,7 +895,7 @@ exports.CONFIG_VULNERABILITIES = {
895
895
  remediation: 'Disable public container listing and restrict access via SAS tokens or RBAC.',
896
896
  },
897
897
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE]: {
898
- id: 2019,
898
+ id: 240,
899
899
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE,
900
900
  title: 'Azure Blob Container Listing Exposing Sensitive Content',
901
901
  description: 'An Azure Blob container listing is exposed and includes sensitive blobs such as backups, credentials, or configuration artifacts.',
@@ -918,7 +918,7 @@ exports.CONFIG_VULNERABILITIES = {
918
918
  },
919
919
  // Legacy generic codes (keep for backward compatibility)
920
920
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_ENABLED]: {
921
- id: 74,
921
+ id: 241,
922
922
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_ENABLED,
923
923
  title: 'Directory Listing Enabled',
924
924
  description: 'Web server directory listing is enabled, exposing the contents of directories to anyone who browses to them without an index file. This reveals application structure, backup files, configuration files, and potentially sensitive data to attackers.',
@@ -940,7 +940,7 @@ exports.CONFIG_VULNERABILITIES = {
940
940
  remediation: 'Disable directory listing in web server configuration (Options -Indexes in Apache, autoindex off in nginx). Ensure all directories have proper index files.',
941
941
  },
942
942
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_SENSITIVE]: {
943
- id: 75,
943
+ id: 242,
944
944
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_SENSITIVE,
945
945
  title: 'Directory Listing Exposing Sensitive Content',
946
946
  description: 'Directory listing is enabled on a directory containing sensitive files like backups, configuration files, source code, or credentials. This elevates the risk significantly as attackers can directly access sensitive information without guessing filenames.',
@@ -965,7 +965,7 @@ exports.CONFIG_VULNERABILITIES = {
965
965
  // CLICKJACKING
966
966
  // ========================================
967
967
  [error_codes_js_1.VulnerabilityCode.CLICK_FRAMEABLE]: {
968
- id: 76,
968
+ id: 243,
969
969
  code: error_codes_js_1.VulnerabilityCode.CLICK_FRAMEABLE,
970
970
  title: 'Clickjacking - Page Frameable',
971
971
  description: 'The application pages can be embedded in iframes on malicious websites, enabling clickjacking attacks where attackers overlay transparent frames over deceptive UI elements to trick users into clicking hidden buttons or links that perform unintended actions.',
@@ -990,7 +990,7 @@ exports.CONFIG_VULNERABILITIES = {
990
990
  // DESERIALIZATION
991
991
  // ========================================
992
992
  [error_codes_js_1.VulnerabilityCode.DESER_JAVA]: {
993
- id: 77,
993
+ id: 244,
994
994
  code: error_codes_js_1.VulnerabilityCode.DESER_JAVA,
995
995
  title: 'Insecure Deserialization - Java',
996
996
  description: 'Critical Java deserialization vulnerability where untrusted serialized objects are processed, allowing attackers to achieve remote code execution through gadget chains in common libraries like Apache Commons Collections, Spring Framework, or other classpath dependencies.',
@@ -1012,7 +1012,7 @@ exports.CONFIG_VULNERABILITIES = {
1012
1012
  remediation: 'Do not deserialize untrusted data. Use JSON or XML instead of Java serialization. Implement ObjectInputFilter (JEP 290) to restrict deserializable classes. Remove vulnerable gadget libraries.',
1013
1013
  },
1014
1014
  [error_codes_js_1.VulnerabilityCode.DESER_PHP]: {
1015
- id: 78,
1015
+ id: 245,
1016
1016
  code: error_codes_js_1.VulnerabilityCode.DESER_PHP,
1017
1017
  title: 'Insecure Deserialization - PHP',
1018
1018
  description: 'Critical PHP deserialization vulnerability where unserialize() processes attacker-controlled data, enabling object injection attacks through magic methods like __wakeup(), __destruct(), or __toString() in application or framework classes for remote code execution.',
@@ -1034,7 +1034,7 @@ exports.CONFIG_VULNERABILITIES = {
1034
1034
  remediation: 'Never pass user input to unserialize(). Use json_decode() instead. If serialization is required, use allowed_classes option with explicit allowlist. Audit code for pop chains.',
1035
1035
  },
1036
1036
  [error_codes_js_1.VulnerabilityCode.DESER_PYTHON]: {
1037
- id: 79,
1037
+ id: 246,
1038
1038
  code: error_codes_js_1.VulnerabilityCode.DESER_PYTHON,
1039
1039
  title: 'Insecure Deserialization - Python',
1040
1040
  description: 'Critical Python deserialization vulnerability through pickle/cPickle processing of untrusted data, enabling remote code execution via __reduce__ method exploitation. Python pickle is inherently unsafe and should never process untrusted input.',
@@ -1056,7 +1056,7 @@ exports.CONFIG_VULNERABILITIES = {
1056
1056
  remediation: 'Never pickle untrusted data. Use JSON or other safe formats. If pickle is required, use cryptographic signatures to verify data integrity before deserialization.',
1057
1057
  },
1058
1058
  [error_codes_js_1.VulnerabilityCode.DESER_DOTNET]: {
1059
- id: 80,
1059
+ id: 247,
1060
1060
  code: error_codes_js_1.VulnerabilityCode.DESER_DOTNET,
1061
1061
  title: 'Insecure Deserialization - .NET',
1062
1062
  description: 'Critical .NET deserialization vulnerability through BinaryFormatter, ObjectStateFormatter, LosFormatter, or other dangerous formatters processing untrusted data, enabling remote code execution through gadget chains in the .NET runtime or third-party libraries.',
@@ -1078,7 +1078,7 @@ exports.CONFIG_VULNERABILITIES = {
1078
1078
  remediation: 'Avoid BinaryFormatter for untrusted data. Use System.Text.Json or XmlSerializer with known types. For legacy code, implement SerializationBinder to restrict deserializable types.',
1079
1079
  },
1080
1080
  [error_codes_js_1.VulnerabilityCode.DESER_RUBY]: {
1081
- id: 81,
1081
+ id: 248,
1082
1082
  code: error_codes_js_1.VulnerabilityCode.DESER_RUBY,
1083
1083
  title: 'Insecure Deserialization - Ruby',
1084
1084
  description: 'Critical Ruby deserialization vulnerability through Marshal.load or YAML.load processing untrusted data, enabling remote code execution through Ruby object instantiation gadgets that execute arbitrary code during object reconstruction.',
@@ -1100,7 +1100,7 @@ exports.CONFIG_VULNERABILITIES = {
1100
1100
  remediation: 'Never Marshal.load untrusted data. Use JSON.parse instead. For YAML, use YAML.safe_load with permitted_classes option. Sign serialized data with HMAC for integrity.',
1101
1101
  },
1102
1102
  [error_codes_js_1.VulnerabilityCode.DESER_NODE]: {
1103
- id: 82,
1103
+ id: 249,
1104
1104
  code: error_codes_js_1.VulnerabilityCode.DESER_NODE,
1105
1105
  title: 'Insecure Deserialization - Node.js',
1106
1106
  description: 'Critical Node.js deserialization vulnerability through node-serialize, funcster, or similar libraries that execute JavaScript during deserialization, enabling remote code execution when attacker-controlled serialized data containing functions or IIFE is processed.',
@@ -1122,7 +1122,7 @@ exports.CONFIG_VULNERABILITIES = {
1122
1122
  remediation: 'Never use serialization libraries that can deserialize functions. Use JSON.parse() for data interchange. Avoid node-serialize and similar libraries. Implement input validation.',
1123
1123
  },
1124
1124
  [error_codes_js_1.VulnerabilityCode.CLICK_PARTIAL_PROTECTION]: {
1125
- id: 83,
1125
+ id: 250,
1126
1126
  code: error_codes_js_1.VulnerabilityCode.CLICK_PARTIAL_PROTECTION,
1127
1127
  title: 'Clickjacking - Partial Protection',
1128
1128
  description: 'Incomplete clickjacking protection where X-Frame-Options or frame-ancestors CSP is only applied on some pages, uses weak values like ALLOW-FROM with bypassable origins, or has inconsistent implementation allowing certain pages to be framed.',
@@ -1144,7 +1144,7 @@ exports.CONFIG_VULNERABILITIES = {
1144
1144
  remediation: 'Apply consistent frame protection across all pages. Use DENY or SAMEORIGIN rather than ALLOW-FROM. Audit all endpoints for missing protection. Use CSP frame-ancestors instead of X-Frame-Options.',
1145
1145
  },
1146
1146
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE]: {
1147
- id: 84,
1147
+ id: 251,
1148
1148
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE,
1149
1149
  title: 'Missing Security Header - X-Content-Type-Options',
1150
1150
  description: 'The application does not set X-Content-Type-Options: nosniff header, allowing browsers to perform MIME-type sniffing that can lead to XSS attacks when user-uploaded content is served with incorrect Content-Type and browsers execute it as script.',
@@ -1166,7 +1166,7 @@ exports.CONFIG_VULNERABILITIES = {
1166
1166
  remediation: 'Add X-Content-Type-Options: nosniff header to all responses. Ensure correct Content-Type headers are set for all resources. Validate file types before serving user uploads.',
1167
1167
  },
1168
1168
  [error_codes_js_1.VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID]: {
1169
- id: 1009,
1169
+ id: 252,
1170
1170
  code: error_codes_js_1.VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID,
1171
1171
  title: 'Invalid Security Header - X-Content-Type-Options',
1172
1172
  description: 'The X-Content-Type-Options header is present but misconfigured (not set to nosniff), which can allow MIME sniffing and reduce protection against content-type confusion.',
@@ -1188,7 +1188,7 @@ exports.CONFIG_VULNERABILITIES = {
1188
1188
  remediation: 'Set X-Content-Type-Options to nosniff on all responses to prevent MIME sniffing.',
1189
1189
  },
1190
1190
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY]: {
1191
- id: 85,
1191
+ id: 253,
1192
1192
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY,
1193
1193
  title: 'Missing Security Header - Referrer-Policy',
1194
1194
  description: 'The application does not implement Referrer-Policy header, potentially leaking sensitive URL information including session tokens, user IDs, or query parameters to external sites when users click links or resources are loaded from third-party domains.',
@@ -1210,7 +1210,7 @@ exports.CONFIG_VULNERABILITIES = {
1210
1210
  remediation: 'Implement Referrer-Policy header with strict-origin-when-cross-origin or no-referrer policy. Avoid passing sensitive data in URLs. Use POST requests for sensitive operations.',
1211
1211
  },
1212
1212
  [error_codes_js_1.VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE]: {
1213
- id: 1010,
1213
+ id: 254,
1214
1214
  code: error_codes_js_1.VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE,
1215
1215
  title: 'Unsafe Referrer-Policy Configuration',
1216
1216
  description: 'The Referrer-Policy header is set to a permissive value that can leak full URLs and sensitive query parameters to external origins.',
@@ -1232,7 +1232,7 @@ exports.CONFIG_VULNERABILITIES = {
1232
1232
  remediation: 'Use strict-origin-when-cross-origin or no-referrer to minimize leakage of sensitive URL data.',
1233
1233
  },
1234
1234
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY]: {
1235
- id: 86,
1235
+ id: 255,
1236
1236
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY,
1237
1237
  title: 'Missing Security Header - Permissions-Policy',
1238
1238
  description: 'The application does not implement Permissions-Policy (formerly Feature-Policy) header, allowing embedded frames or malicious scripts to access sensitive browser features like camera, microphone, geolocation, or payment APIs without explicit permission.',
@@ -1254,7 +1254,7 @@ exports.CONFIG_VULNERABILITIES = {
1254
1254
  remediation: 'Add Permissions-Policy header restricting access to sensitive features. Disable features not needed by the application. Use () syntax to disallow features for all origins.',
1255
1255
  },
1256
1256
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION]: {
1257
- id: 87,
1257
+ id: 256,
1258
1258
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION,
1259
1259
  title: 'Missing Security Header - X-XSS-Protection',
1260
1260
  description: 'The legacy X-XSS-Protection header is not set. While deprecated in modern browsers, it can provide defense-in-depth for older browsers that still honor this header for their built-in XSS auditor feature.',
@@ -1276,7 +1276,7 @@ exports.CONFIG_VULNERABILITIES = {
1276
1276
  remediation: 'Set X-XSS-Protection: 0 to disable (recommended per OWASP) or use CSP instead. The XSS auditor has been removed from modern browsers due to security issues with block mode.',
1277
1277
  },
1278
1278
  [error_codes_js_1.VulnerabilityCode.HEADER_COEP_WITHOUT_COOP]: {
1279
- id: 108,
1279
+ id: 257,
1280
1280
  code: error_codes_js_1.VulnerabilityCode.HEADER_COEP_WITHOUT_COOP,
1281
1281
  title: 'Header Misconfiguration - COEP Without COOP',
1282
1282
  description: 'Cross-Origin-Embedder-Policy (COEP) is set without Cross-Origin-Opener-Policy (COOP), which can create inconsistent cross-origin isolation behavior and indicate incomplete or misapplied security header strategy for isolation-sensitive applications.',
@@ -1298,7 +1298,7 @@ exports.CONFIG_VULNERABILITIES = {
1298
1298
  remediation: 'If cross-origin isolation is required, deploy COEP together with COOP and validate the intended policy combination. Otherwise remove COEP to avoid confusing or inconsistent isolation posture.',
1299
1299
  },
1300
1300
  [error_codes_js_1.VulnerabilityCode.HEADER_CORP_UNUSUAL]: {
1301
- id: 109,
1301
+ id: 258,
1302
1302
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORP_UNUSUAL,
1303
1303
  title: 'Header Misconfiguration - Unusual CORP Value',
1304
1304
  description: 'Cross-Origin-Resource-Policy (CORP) is set to a non-standard value, which may indicate a misconfiguration that provides no effective protection or creates unpredictable resource loading behavior across origins.',
@@ -1320,7 +1320,7 @@ exports.CONFIG_VULNERABILITIES = {
1320
1320
  remediation: 'Use valid CORP values (same-origin, same-site, or cross-origin) and confirm the chosen policy aligns with the resource sharing model of the application.',
1321
1321
  },
1322
1322
  [error_codes_js_1.VulnerabilityCode.HEADER_EXPECT_CT_PRESENT]: {
1323
- id: 110,
1323
+ id: 259,
1324
1324
  code: error_codes_js_1.VulnerabilityCode.HEADER_EXPECT_CT_PRESENT,
1325
1325
  title: 'Deprecated Header - Expect-CT Present',
1326
1326
  description: 'The Expect-CT header is present even though the feature is deprecated and no longer enforced by major browsers, adding unnecessary configuration surface without meaningful security benefit.',
@@ -1342,7 +1342,7 @@ exports.CONFIG_VULNERABILITIES = {
1342
1342
  remediation: 'Remove Expect-CT unless you have a legacy operational requirement, and focus on TLS configuration and certificate transparency monitoring via modern tooling.',
1343
1343
  },
1344
1344
  [error_codes_js_1.VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT]: {
1345
- id: 111,
1345
+ id: 260,
1346
1346
  code: error_codes_js_1.VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT,
1347
1347
  title: 'Information Exposure - Server Header Present',
1348
1348
  description: 'The Server header reveals technology or version details that can assist attackers with fingerprinting and targeted exploitation, increasing the likelihood of tailored attacks against known software weaknesses.',
@@ -1364,7 +1364,7 @@ exports.CONFIG_VULNERABILITIES = {
1364
1364
  remediation: 'Configure the web server or reverse proxy to minimize or remove Server header details and avoid exposing version strings in responses.',
1365
1365
  },
1366
1366
  [error_codes_js_1.VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT]: {
1367
- id: 112,
1367
+ id: 261,
1368
1368
  code: error_codes_js_1.VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT,
1369
1369
  title: 'Information Exposure - X-Powered-By Present',
1370
1370
  description: 'The X-Powered-By header discloses framework or runtime information that can be used to fingerprint the application stack and target known vulnerabilities in specific platforms or versions.',
@@ -1386,7 +1386,7 @@ exports.CONFIG_VULNERABILITIES = {
1386
1386
  remediation: 'Disable X-Powered-By headers in application frameworks or reverse proxies to reduce stack fingerprinting exposure.',
1387
1387
  },
1388
1388
  [error_codes_js_1.VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED]: {
1389
- id: 113,
1389
+ id: 262,
1390
1390
  code: error_codes_js_1.VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED,
1391
1391
  title: 'Deprecated Header - X-XSS-Protection Enabled',
1392
1392
  description: 'The X-XSS-Protection header is enabled, which is deprecated and can introduce security risks or inconsistent behavior in legacy browsers due to the removed XSS auditor feature.',
@@ -1408,7 +1408,7 @@ exports.CONFIG_VULNERABILITIES = {
1408
1408
  remediation: 'Prefer modern CSP protections and set X-XSS-Protection: 0 or remove the header to avoid relying on deprecated behavior.',
1409
1409
  },
1410
1410
  [error_codes_js_1.VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE]: {
1411
- id: 114,
1411
+ id: 263,
1412
1412
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE,
1413
1413
  title: 'Cookie Misconfiguration - SameSite=None Without Secure',
1414
1414
  description: 'A cookie is configured with SameSite=None but lacks the Secure attribute, enabling cross-site transmission over unencrypted connections and undermining cookie integrity and confidentiality controls.',
@@ -1430,7 +1430,7 @@ exports.CONFIG_VULNERABILITIES = {
1430
1430
  remediation: 'Set Secure when SameSite=None is used and ensure the application is served exclusively over HTTPS.',
1431
1431
  },
1432
1432
  [error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE]: {
1433
- id: 115,
1433
+ id: 264,
1434
1434
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE,
1435
1435
  title: 'Cookie Misconfiguration - Session Cookie Missing Secure',
1436
1436
  description: 'Session or authentication cookies are missing the Secure attribute, allowing them to be transmitted over unencrypted connections and increasing the risk of session hijacking or credential theft.',
@@ -1452,7 +1452,7 @@ exports.CONFIG_VULNERABILITIES = {
1452
1452
  remediation: 'Apply the Secure attribute to all session cookies and enforce HTTPS with HSTS to prevent downgrade to plaintext.',
1453
1453
  },
1454
1454
  [error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SECURE]: {
1455
- id: 116,
1455
+ id: 265,
1456
1456
  code: error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SECURE,
1457
1457
  title: 'Cookie Misconfiguration - Missing Secure Attribute',
1458
1458
  description: 'Cookies are set without the Secure attribute, permitting transmission over plaintext HTTP and exposing cookie contents to network interception or manipulation.',
@@ -1474,7 +1474,7 @@ exports.CONFIG_VULNERABILITIES = {
1474
1474
  remediation: 'Set the Secure attribute on cookies that should only be transmitted over HTTPS.',
1475
1475
  },
1476
1476
  [error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY]: {
1477
- id: 117,
1477
+ id: 266,
1478
1478
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY,
1479
1479
  title: 'Cookie Misconfiguration - Session Cookie Missing HttpOnly',
1480
1480
  description: 'Session or authentication cookies are missing the HttpOnly attribute, allowing client-side scripts to access sensitive cookie values and increasing the impact of XSS attacks.',
@@ -1496,7 +1496,7 @@ exports.CONFIG_VULNERABILITIES = {
1496
1496
  remediation: 'Set HttpOnly on session cookies to reduce access from client-side scripts and pair with CSP to mitigate XSS risk.',
1497
1497
  },
1498
1498
  [error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_HTTPONLY]: {
1499
- id: 118,
1499
+ id: 267,
1500
1500
  code: error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_HTTPONLY,
1501
1501
  title: 'Cookie Misconfiguration - Missing HttpOnly Attribute',
1502
1502
  description: 'Cookies are missing the HttpOnly attribute, allowing JavaScript access to cookie values and increasing the potential impact of client-side script injection.',
@@ -1518,7 +1518,7 @@ exports.CONFIG_VULNERABILITIES = {
1518
1518
  remediation: 'Add HttpOnly to cookies that should not be accessed by JavaScript to reduce the impact of XSS.',
1519
1519
  },
1520
1520
  [error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SAMESITE]: {
1521
- id: 119,
1521
+ id: 268,
1522
1522
  code: error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SAMESITE,
1523
1523
  title: 'Cookie Misconfiguration - Missing SameSite Attribute',
1524
1524
  description: 'Cookies do not specify SameSite, which can allow cross-site requests to include cookies by default and increase exposure to CSRF-style attacks or cross-site leakage.',
@@ -1540,7 +1540,7 @@ exports.CONFIG_VULNERABILITIES = {
1540
1540
  remediation: 'Set SameSite=Lax for general cookies or SameSite=Strict where appropriate to reduce cross-site cookie inclusion.',
1541
1541
  },
1542
1542
  [error_codes_js_1.VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID]: {
1543
- id: 120,
1543
+ id: 269,
1544
1544
  code: error_codes_js_1.VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID,
1545
1545
  title: 'Cookie Misconfiguration - __Host- Prefix Violations',
1546
1546
  description: 'Cookies with the __Host- prefix do not meet required attributes (Secure, Path=/, no Domain), weakening the protections provided by host-only cookie semantics.',
@@ -1562,7 +1562,7 @@ exports.CONFIG_VULNERABILITIES = {
1562
1562
  remediation: 'Ensure __Host- cookies include Secure, Path=/, and omit the Domain attribute to preserve host-only guarantees.',
1563
1563
  },
1564
1564
  [error_codes_js_1.VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID]: {
1565
- id: 121,
1565
+ id: 270,
1566
1566
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID,
1567
1567
  title: 'Cookie Misconfiguration - __Secure- Prefix Violations',
1568
1568
  description: 'Cookies with the __Secure- prefix are missing the Secure attribute, which defeats the prefix requirement and weakens transport security protections.',
@@ -1584,7 +1584,7 @@ exports.CONFIG_VULNERABILITIES = {
1584
1584
  remediation: 'Set the Secure attribute for all __Secure- cookies and ensure HTTPS is enforced across the application.',
1585
1585
  },
1586
1586
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CSP]: {
1587
- id: 122,
1587
+ id: 271,
1588
1588
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CSP,
1589
1589
  title: 'Header Drift - Content-Security-Policy Inconsistent',
1590
1590
  description: 'Content-Security-Policy is present on some paths but missing on others, creating uneven defenses and potentially exposing unprotected routes to script injection or content loading risks.',
@@ -1606,7 +1606,7 @@ exports.CONFIG_VULNERABILITIES = {
1606
1606
  remediation: 'Apply CSP consistently across relevant responses, including error and authentication pages, to avoid gaps in policy coverage.',
1607
1607
  },
1608
1608
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_HSTS]: {
1609
- id: 123,
1609
+ id: 272,
1610
1610
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_HSTS,
1611
1611
  title: 'Header Drift - Strict-Transport-Security Inconsistent',
1612
1612
  description: 'Strict-Transport-Security is present on some paths but missing on others, reducing the effectiveness of HTTPS enforcement and creating mixed transport behavior across the site.',
@@ -1628,7 +1628,7 @@ exports.CONFIG_VULNERABILITIES = {
1628
1628
  remediation: 'Ensure HSTS is set uniformly on HTTPS responses so the browser can enforce strict transport for the entire origin.',
1629
1629
  },
1630
1630
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE]: {
1631
- id: 124,
1631
+ id: 273,
1632
1632
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE,
1633
1633
  title: 'Header Drift - X-Content-Type-Options Inconsistent',
1634
1634
  description: 'X-Content-Type-Options is present on some paths but missing on others, allowing inconsistent MIME sniffing behavior that could expose unprotected routes to content-type confusion.',
@@ -1650,7 +1650,7 @@ exports.CONFIG_VULNERABILITIES = {
1650
1650
  remediation: 'Apply X-Content-Type-Options: nosniff across all relevant responses to avoid inconsistent browser behavior.',
1651
1651
  },
1652
1652
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY]: {
1653
- id: 125,
1653
+ id: 274,
1654
1654
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY,
1655
1655
  title: 'Header Drift - Referrer-Policy Inconsistent',
1656
1656
  description: 'Referrer-Policy is present on some paths but missing on others, leading to inconsistent referrer leakage controls and potential exposure of sensitive URL data.',
@@ -1672,7 +1672,7 @@ exports.CONFIG_VULNERABILITIES = {
1672
1672
  remediation: 'Set a consistent Referrer-Policy across responses to standardize referrer leakage controls.',
1673
1673
  },
1674
1674
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XFRAME]: {
1675
- id: 126,
1675
+ id: 275,
1676
1676
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XFRAME,
1677
1677
  title: 'Header Drift - X-Frame-Options Inconsistent',
1678
1678
  description: 'X-Frame-Options or equivalent framing controls are present on some paths but missing on others, creating uneven clickjacking protection across the site.',
@@ -1694,7 +1694,7 @@ exports.CONFIG_VULNERABILITIES = {
1694
1694
  remediation: 'Apply X-Frame-Options or CSP frame-ancestors consistently to avoid unprotected pages.',
1695
1695
  },
1696
1696
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY]: {
1697
- id: 127,
1697
+ id: 276,
1698
1698
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY,
1699
1699
  title: 'Header Drift - Permissions-Policy Inconsistent',
1700
1700
  description: 'Permissions-Policy is present on some paths but missing on others, leading to inconsistent controls over browser features such as geolocation, camera, or microphone.',
@@ -1716,7 +1716,7 @@ exports.CONFIG_VULNERABILITIES = {
1716
1716
  remediation: 'Apply Permissions-Policy consistently for pages that should restrict access to sensitive browser features.',
1717
1717
  },
1718
1718
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COOP]: {
1719
- id: 128,
1719
+ id: 277,
1720
1720
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COOP,
1721
1721
  title: 'Header Drift - COOP Inconsistent',
1722
1722
  description: 'Cross-Origin-Opener-Policy is present on some paths but missing on others, which can lead to uneven cross-origin isolation guarantees and inconsistent window isolation behavior.',
@@ -1738,7 +1738,7 @@ exports.CONFIG_VULNERABILITIES = {
1738
1738
  remediation: 'Apply COOP consistently where cross-origin isolation is required and validate the policy across all relevant routes.',
1739
1739
  },
1740
1740
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COEP]: {
1741
- id: 129,
1741
+ id: 278,
1742
1742
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COEP,
1743
1743
  title: 'Header Drift - COEP Inconsistent',
1744
1744
  description: 'Cross-Origin-Embedder-Policy is present on some paths but missing on others, resulting in inconsistent embedding restrictions and cross-origin isolation posture.',
@@ -1760,7 +1760,7 @@ exports.CONFIG_VULNERABILITIES = {
1760
1760
  remediation: 'Apply COEP consistently on routes that are intended to enforce cross-origin embedding controls.',
1761
1761
  },
1762
1762
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CORP]: {
1763
- id: 130,
1763
+ id: 279,
1764
1764
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CORP,
1765
1765
  title: 'Header Drift - CORP Inconsistent',
1766
1766
  description: 'Cross-Origin-Resource-Policy is present on some paths but missing on others, which can leave inconsistent controls on resource sharing and embedding across the application.',