@zerothreatai/vulnerability-registry 9.0.5 → 9.0.7

package/src/categories/injection.ts

@@ -791,11 +791,11 @@ export const INJECTION_VULNERABILITIES: Record<string, VulnerabilityDefinitionIn
         remediation: 'Use parameterized XPath queries and input validation. Normalize error and response behaviors to reduce side-channel differences. Apply rate limiting to limit inference attacks.',
     },
 
-    [VulnerabilityCode.XPATH_ERROR_BASED]: {
-        id: 333,
-        code: VulnerabilityCode.XPATH_ERROR_BASED,
-        title: 'XPath Injection Error Based',
-        description: 'XPath injection vulnerability where malformed input triggers verbose error messages that reveal query structure or XML data, enabling attackers to craft precise XPath exploits or extract sensitive information.',
+    [VulnerabilityCode.XPATH_ERROR_BASED]: {
+        id: 333,
+        code: VulnerabilityCode.XPATH_ERROR_BASED,
+        title: 'XPath Injection Error Based',
+        description: 'XPath injection vulnerability where malformed input triggers verbose error messages that reveal query structure or XML data, enabling attackers to craft precise XPath exploits or extract sensitive information.',
         severity: 'medium',
         levelId: 3,
         category: 'injection',
@@ -811,9 +811,60 @@ export const INJECTION_VULNERABILITIES: Record<string, VulnerabilityDefinitionIn
         owasp: [
             { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
         ],
-        remediation: 'Suppress detailed XPath error messages in production. Use safe XPath APIs and validation to prevent injection. Implement centralized error handling with generic responses.',
-    },
-};
+        remediation: 'Suppress detailed XPath error messages in production. Use safe XPath APIs and validation to prevent injection. Implement centralized error handling with generic responses.',
+    },
+
+    // ========================================
+    // PATH PARAMETER INJECTION
+    // ========================================
+    [VulnerabilityCode.PATH_PARAMETER_INJECTION]: {
+        id: 334,
+        code: VulnerabilityCode.PATH_PARAMETER_INJECTION,
+        title: 'Path Parameter Injection',
+        description: 'Path parameter injection vulnerability detected where user-controlled path segments trigger server errors or internal detail leaks, indicating unsafe handling of dynamic path values that may enable injection or traversal behaviors.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'Injection',
+        cvss: {
+            score: 6.1,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-20', name: 'Improper Input Validation', url: 'https://cwe.mitre.org/data/definitions/20.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Validate and constrain path parameters with allowlists or route constraints. Normalize and sanitize path inputs before use. Avoid passing raw path segments into file or query handlers.',
+    },
+
+    [VulnerabilityCode.HPP_DUPLICATE_PARAMETER]: {
+        id: 335,
+        code: VulnerabilityCode.HPP_DUPLICATE_PARAMETER,
+        title: 'HTTP Parameter Pollution',
+        description: 'HTTP parameter pollution vulnerability detected where duplicate query parameter keys trigger behavior distinct from both single-value control requests, indicating inconsistent duplicate-key handling that may enable logic bypasses or validation mismatches across components.',
+        severity: 'medium',
+        levelId: 3,
+        category: 'injection',
+        scanner: 'model-state',
+        groupName: 'HTTP Parameter Pollution',
+        cvss: {
+            score: 5.3,
+            vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N',
+            severity: 'MEDIUM',
+        },
+        cwe: [
+            { id: 'CWE-235', name: 'Improper Handling of Extra Parameters', url: 'https://cwe.mitre.org/data/definitions/235.html' },
+        ],
+        owasp: [
+            { id: 'A04:2021', name: 'Insecure Design', url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/' },
+        ],
+        remediation: 'Reject unexpected duplicate parameters or canonicalize them consistently at the edge. Ensure upstream proxies, frameworks, and application code all apply the same duplicate-key handling rules. Prefer strict allowlists for security-sensitive parameters.',
+    },
+};
 
 export default INJECTION_VULNERABILITIES;
 

package/src/categories/sensitive-data.ts

@@ -0,0 +1,117 @@
+/**
+ * Vulnerability Registry - Sensitive Data Exposure
+ *
+ * Definitions for high-confidence sensitive data exposures detected in content.
+ */
+
+import { VulnerabilityCode } from '../error-codes.js';
+import type { VulnerabilityDefinitionInput, Severity } from '../types.js';
+
+const CWE_EXPOSURE = [
+  { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
+];
+
+const OWASP_CRYPTO = [
+  { id: 'A02:2021', name: 'Cryptographic Failures', url: 'https://owasp.org/Top10/A02_2021-Cryptographic_Failures/' },
+];
+
+const CVSS_BY_SEVERITY: Record<Severity, { score: number; vector: string; severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'NONE' }> = {
+  critical: { score: 9.1, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N', severity: 'CRITICAL' },
+  high: { score: 7.5, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N', severity: 'HIGH' },
+  medium: { score: 5.3, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N', severity: 'MEDIUM' },
+  low: { score: 3.1, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N', severity: 'LOW' },
+  info: { score: 0.0, vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N', severity: 'NONE' },
+};
+
+const LEVEL_BY_SEVERITY: Record<Severity, 1 | 2 | 3 | 4 | 5> = {
+  critical: 1,
+  high: 2,
+  medium: 3,
+  low: 4,
+  info: 5,
+};
+
+const REMEDIATION =
+  'Remove secrets from client-visible responses, rotate any exposed keys, and store secrets in a secure vault. Implement response redaction and ensure sensitive data is never returned to unauthenticated users.';
+
+type SensitiveDataDef = {
+  id: number;
+  code: VulnerabilityCode;
+  title: string;
+  description: string;
+  severity: Severity;
+};
+
+const SENSITIVE_DATA_DEFS: SensitiveDataDef[] = [
+  { id: 608, code: VulnerabilityCode.SENS_DATA_AWS_ACCESS_KEY_ID, title: 'AWS Access Key ID Exposed', description: 'Exposure of an AWS Access Key ID in response content may allow unauthorized access to AWS resources.', severity: 'critical' },
+  { id: 609, code: VulnerabilityCode.SENS_DATA_AWS_SECRET_ACCESS_KEY, title: 'AWS Secret Access Key Exposed', description: 'Exposure of an AWS Secret Access Key in response content may allow unauthorized access to AWS resources.', severity: 'critical' },
+  { id: 610, code: VulnerabilityCode.SENS_DATA_AWS_MWS_AUTH_TOKEN, title: 'Amazon MWS Auth Token Exposed', description: 'Exposure of an Amazon MWS auth token in response content may allow unauthorized access to merchant APIs.', severity: 'critical' },
+  { id: 611, code: VulnerabilityCode.SENS_DATA_GOOGLE_API_KEY, title: 'Google API Key Exposed', description: 'Exposure of a Google API key in response content may allow unauthorized access to Google APIs.', severity: 'high' },
+  { id: 612, code: VulnerabilityCode.SENS_DATA_GOOGLE_OAUTH_TOKEN, title: 'Google OAuth Token Exposed', description: 'Exposure of a Google OAuth token in response content may allow unauthorized access to Google user data.', severity: 'high' },
+  { id: 613, code: VulnerabilityCode.SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID, title: 'Google Cloud Private Key ID Exposed', description: 'Exposure of a Google Cloud private key ID in response content may allow unauthorized access to GCP services.', severity: 'critical' },
+  { id: 614, code: VulnerabilityCode.SENS_DATA_GITHUB_PAT, title: 'GitHub Personal Access Token Exposed', description: 'Exposure of a GitHub personal access token in response content may allow unauthorized access to repositories and APIs.', severity: 'critical' },
+  { id: 615, code: VulnerabilityCode.SENS_DATA_GITHUB_OAUTH_TOKEN, title: 'GitHub OAuth Token Exposed', description: 'Exposure of a GitHub OAuth token in response content may allow unauthorized access to GitHub APIs.', severity: 'critical' },
+  { id: 616, code: VulnerabilityCode.SENS_DATA_GITHUB_APP_TOKEN, title: 'GitHub App Token Exposed', description: 'Exposure of a GitHub App token in response content may allow unauthorized access to GitHub APIs.', severity: 'critical' },
+  { id: 617, code: VulnerabilityCode.SENS_DATA_GITHUB_REFRESH_TOKEN, title: 'GitHub Refresh Token Exposed', description: 'Exposure of a GitHub refresh token in response content may allow long-term unauthorized access.', severity: 'critical' },
+  { id: 618, code: VulnerabilityCode.SENS_DATA_GITLAB_PAT, title: 'GitLab Personal Access Token Exposed', description: 'Exposure of a GitLab personal access token in response content may allow unauthorized access to GitLab APIs.', severity: 'critical' },
+  { id: 619, code: VulnerabilityCode.SENS_DATA_GITLAB_PIPELINE_TOKEN, title: 'GitLab Pipeline Token Exposed', description: 'Exposure of a GitLab pipeline trigger token in response content may allow unauthorized pipeline execution.', severity: 'critical' },
+  { id: 620, code: VulnerabilityCode.SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY, title: 'Azure Storage Account Key Exposed', description: 'Exposure of an Azure Storage account key in response content may allow unauthorized access to storage resources.', severity: 'critical' },
+  { id: 621, code: VulnerabilityCode.SENS_DATA_STRIPE_SECRET_KEY, title: 'Stripe Secret Key Exposed', description: 'Exposure of a Stripe secret key in response content may allow unauthorized payment operations.', severity: 'critical' },
+  { id: 622, code: VulnerabilityCode.SENS_DATA_STRIPE_PUBLISHABLE_KEY, title: 'Stripe Publishable Key Exposed', description: 'Exposure of a Stripe publishable key in response content may allow public API usage and metadata exposure.', severity: 'medium' },
+  { id: 623, code: VulnerabilityCode.SENS_DATA_STRIPE_RESTRICTED_KEY, title: 'Stripe Restricted Key Exposed', description: 'Exposure of a Stripe restricted key in response content may allow unauthorized access to restricted Stripe APIs.', severity: 'critical' },
+  { id: 624, code: VulnerabilityCode.SENS_DATA_SLACK_TOKEN, title: 'Slack Token Exposed', description: 'Exposure of a Slack token in response content may allow unauthorized access to Slack workspaces.', severity: 'critical' },
+  { id: 625, code: VulnerabilityCode.SENS_DATA_SLACK_WEBHOOK, title: 'Slack Webhook Exposed', description: 'Exposure of a Slack webhook URL in response content may allow unauthorized message posting.', severity: 'high' },
+  { id: 626, code: VulnerabilityCode.SENS_DATA_DISCORD_BOT_TOKEN, title: 'Discord Bot Token Exposed', description: 'Exposure of a Discord bot token in response content may allow unauthorized bot control.', severity: 'critical' },
+  { id: 627, code: VulnerabilityCode.SENS_DATA_DISCORD_WEBHOOK, title: 'Discord Webhook Exposed', description: 'Exposure of a Discord webhook URL in response content may allow unauthorized message posting.', severity: 'high' },
+  { id: 628, code: VulnerabilityCode.SENS_DATA_TWILIO_ACCOUNT_SID, title: 'Twilio Account SID Exposed', description: 'Exposure of a Twilio Account SID in response content may allow account enumeration or targeted attacks.', severity: 'high' },
+  { id: 629, code: VulnerabilityCode.SENS_DATA_SENDGRID_API_KEY, title: 'SendGrid API Key Exposed', description: 'Exposure of a SendGrid API key in response content may allow unauthorized email sending.', severity: 'critical' },
+  { id: 630, code: VulnerabilityCode.SENS_DATA_MAILGUN_API_KEY, title: 'Mailgun API Key Exposed', description: 'Exposure of a Mailgun API key in response content may allow unauthorized email sending.', severity: 'critical' },
+  { id: 631, code: VulnerabilityCode.SENS_DATA_MAILCHIMP_API_KEY, title: 'Mailchimp API Key Exposed', description: 'Exposure of a Mailchimp API key in response content may allow unauthorized access to marketing data.', severity: 'critical' },
+  { id: 632, code: VulnerabilityCode.SENS_DATA_NPM_TOKEN, title: 'NPM Token Exposed', description: 'Exposure of an NPM access token in response content may allow unauthorized package publication or access.', severity: 'critical' },
+  { id: 633, code: VulnerabilityCode.SENS_DATA_PYPI_TOKEN, title: 'PyPI Token Exposed', description: 'Exposure of a PyPI API token in response content may allow unauthorized package publication or access.', severity: 'critical' },
+  { id: 634, code: VulnerabilityCode.SENS_DATA_RSA_PRIVATE_KEY, title: 'RSA Private Key Exposed', description: 'Exposure of an RSA private key in response content may allow unauthorized decryption or authentication.', severity: 'critical' },
+  { id: 635, code: VulnerabilityCode.SENS_DATA_OPENSSH_PRIVATE_KEY, title: 'OpenSSH Private Key Exposed', description: 'Exposure of an OpenSSH private key in response content may allow unauthorized server access.', severity: 'critical' },
+  { id: 636, code: VulnerabilityCode.SENS_DATA_DSA_PRIVATE_KEY, title: 'DSA Private Key Exposed', description: 'Exposure of a DSA private key in response content may allow unauthorized decryption or authentication.', severity: 'critical' },
+  { id: 637, code: VulnerabilityCode.SENS_DATA_EC_PRIVATE_KEY, title: 'EC Private Key Exposed', description: 'Exposure of an EC private key in response content may allow unauthorized decryption or authentication.', severity: 'critical' },
+  { id: 638, code: VulnerabilityCode.SENS_DATA_PGP_PRIVATE_KEY, title: 'PGP Private Key Exposed', description: 'Exposure of a PGP private key in response content may allow unauthorized decryption or signing.', severity: 'critical' },
+  { id: 639, code: VulnerabilityCode.SENS_DATA_ENCRYPTED_PRIVATE_KEY, title: 'Encrypted Private Key Exposed', description: 'Exposure of an encrypted private key in response content may allow offline brute force and key recovery.', severity: 'critical' },
+  { id: 640, code: VulnerabilityCode.SENS_DATA_MONGODB_URI, title: 'MongoDB Connection String Exposed', description: 'Exposure of a MongoDB connection string in response content may allow unauthorized database access.', severity: 'critical' },
+  { id: 641, code: VulnerabilityCode.SENS_DATA_POSTGRESQL_URI, title: 'PostgreSQL Connection String Exposed', description: 'Exposure of a PostgreSQL connection string in response content may allow unauthorized database access.', severity: 'critical' },
+  { id: 642, code: VulnerabilityCode.SENS_DATA_MYSQL_URI, title: 'MySQL Connection String Exposed', description: 'Exposure of a MySQL connection string in response content may allow unauthorized database access.', severity: 'critical' },
+  { id: 643, code: VulnerabilityCode.SENS_DATA_REDIS_URI, title: 'Redis Connection String Exposed', description: 'Exposure of a Redis connection string in response content may allow unauthorized database access.', severity: 'critical' },
+  { id: 644, code: VulnerabilityCode.SENS_DATA_MSSQL_URI, title: 'MSSQL Connection String Exposed', description: 'Exposure of a Microsoft SQL Server connection string in response content may allow unauthorized database access.', severity: 'critical' },
+  { id: 645, code: VulnerabilityCode.SENS_DATA_DIGITALOCEAN_TOKEN, title: 'DigitalOcean Token Exposed', description: 'Exposure of a DigitalOcean token in response content may allow unauthorized access to cloud resources.', severity: 'critical' },
+  { id: 646, code: VulnerabilityCode.SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY, title: 'Alibaba Cloud Access Key Exposed', description: 'Exposure of an Alibaba Cloud access key in response content may allow unauthorized access to cloud resources.', severity: 'critical' },
+  { id: 647, code: VulnerabilityCode.SENS_DATA_SQUARE_ACCESS_TOKEN, title: 'Square Access Token Exposed', description: 'Exposure of a Square access token in response content may allow unauthorized payment operations.', severity: 'critical' },
+  { id: 648, code: VulnerabilityCode.SENS_DATA_SQUARE_OAUTH_SECRET, title: 'Square OAuth Secret Exposed', description: 'Exposure of a Square OAuth secret in response content may allow unauthorized access to Square APIs.', severity: 'critical' },
+  { id: 649, code: VulnerabilityCode.SENS_DATA_SHOPIFY_ACCESS_TOKEN, title: 'Shopify Access Token Exposed', description: 'Exposure of a Shopify access token in response content may allow unauthorized access to Shopify APIs.', severity: 'critical' },
+  { id: 650, code: VulnerabilityCode.SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN, title: 'Shopify Custom App Token Exposed', description: 'Exposure of a Shopify custom app token in response content may allow unauthorized access to Shopify APIs.', severity: 'critical' },
+  { id: 651, code: VulnerabilityCode.SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN, title: 'Shopify Private App Token Exposed', description: 'Exposure of a Shopify private app token in response content may allow unauthorized access to Shopify APIs.', severity: 'critical' },
+  { id: 652, code: VulnerabilityCode.SENS_DATA_SHOPIFY_SHARED_SECRET, title: 'Shopify Shared Secret Exposed', description: 'Exposure of a Shopify shared secret in response content may allow unauthorized access to Shopify integrations.', severity: 'critical' },
+  { id: 653, code: VulnerabilityCode.SENS_DATA_TELEGRAM_BOT_TOKEN, title: 'Telegram Bot Token Exposed', description: 'Exposure of a Telegram bot token in response content may allow unauthorized bot control.', severity: 'critical' },
+  { id: 654, code: VulnerabilityCode.SENS_DATA_OPENAI_API_KEY, title: 'OpenAI API Key Exposed', description: 'Exposure of an OpenAI API key in response content may allow unauthorized API usage.', severity: 'critical' },
+  { id: 655, code: VulnerabilityCode.SENS_DATA_SENTRY_DSN, title: 'Sentry DSN Exposed', description: 'Exposure of a Sentry DSN in response content may allow unauthorized event submission.', severity: 'high' },
+];
+
+export const SENSITIVE_DATA_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput> = Object.fromEntries(
+  SENSITIVE_DATA_DEFS.map((def) => ([
+    def.code,
+    {
+      id: def.id,
+      code: def.code,
+      title: def.title,
+      description: def.description,
+      severity: def.severity,
+      levelId: LEVEL_BY_SEVERITY[def.severity],
+      category: 'information_disclosure',
+      scanner: 'sensitive-data',
+      groupName: 'Sensitive Data',
+      cvss: CVSS_BY_SEVERITY[def.severity],
+      cwe: CWE_EXPOSURE,
+      owasp: OWASP_CRYPTO,
+      remediation: REMEDIATION,
+    },
+  ]))
+);
+
+export default SENSITIVE_DATA_VULNERABILITIES;

package/src/categories/xss.ts

@@ -354,4 +354,27 @@ export const XSS_VULNERABILITIES: Record<string, VulnerabilityDefinitionInput> =
         ],
         remediation: 'Use v-text instead of v-html for user content. Never compile user input as Vue templates. Use vue-runtime-only build that does not include template compiler. Sanitize mustache syntax.',
     },
+
+    [VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING]: {
+        id: 415,
+        code: VulnerabilityCode.XSS_INSUFFICIENT_OUTPUT_ENCODING,
+        title: 'Insufficient Output Encoding',
+        description: 'Special characters are reflected without proper encoding in the response. While no direct XSS exploitation was confirmed, the incomplete encoding of characters like quotes, ampersands, or parentheses indicates potential encoding gaps that could lead to vulnerabilities in different contexts.',
+        severity: 'info',
+        levelId: 5,
+        category: 'xss',
+        scanner: 'xss',
+        cvss: {
+            score: 2.6,
+            vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N',
+            severity: 'LOW',
+        },
+        cwe: [
+            { id: 'CWE-116', name: 'Improper Encoding or Escaping of Output', url: 'https://cwe.mitre.org/data/definitions/116.html' },
+        ],
+        owasp: [
+            { id: 'A03:2021', name: 'Injection', url: 'https://owasp.org/Top10/A03_2021-Injection/' },
+        ],
+        remediation: 'Implement comprehensive output encoding for all special characters including <, >, ", \', &, (, ), /, and \\. Use context-aware encoding based on the output location (HTML body, attributes, JavaScript, URL, CSS).',
+    },
 };

package/src/compliances/compliance-by-vulnerabilities.ts

@@ -4,35 +4,39 @@ import {owaspA1Ids,owaspA2Ids,owaspA3Ids,owaspA5Ids,owaspA7Ids,owaspA8Ids} from
 import {allAppSecIds as pciAllAppSecIds,misconfigIds as pciMisconfigIds,accessControlIds as pciAccessControlIds,cryptoIds as pciCryptoIds,injectionAndXssIds as pciInjectionAndXssIds,authAndCookieIds as pciAuthAndCookieIds} from './pci-dss.js'
 import { authIds as sauthIds,accessControlIds as saccessControlIds,cmdiIds as scmdiIds,deserializationIds as sdeserializationIds,disclosureIds as sdisclosureIds,injectionIds as sinjectionIds,lfiIds as slfiIds,sqliIds,ssrfIds as ssrfids ,sstiIds as ssstiIds,xssIds as sxssIds} from './sans-top-25.js'
 import { isoAccessControlIds, isoCryptoIds, isoOpsSecurityIds, isoCommunicationsSecurityIds, isoSecureDevelopmentIds, isoComplianceIds } from './iso27001.js'
+import { idsByCodes } from './helpers.js'
+
+const pathInjectionIds = idsByCodes(['PATH_PARAMETER_INJECTION'])
+const uniqueIds = (ids: number[]) => Array.from(new Set(ids))
 export const COMPLIANCE_BY_VULNERABILITIES = [
     {
         id:3,
         title:'GDPR',
-        vulnerabilities:[...accessRestrictionIds,...allAppSecIds,...authAndCookieIds,...cryptoPolicyIds,...infoLeakageIds,...inputValidationIds,...outputValidationIds]
-    },
-    {
-        id:2,
-        title:'HIPAA',
-        vulnerabilities:[accessControlIds,...hallAppSecIds,...hauthAnCookieIds,...cryptoIds,...integrityIds]
-    },
-    {
-        id:1,
-        title:'OWASP',
-        vulnerabilities:[...owaspA1Ids,...owaspA2Ids,...owaspA3Ids,...owaspA5Ids,...owaspA7Ids,...owaspA8Ids]
-    },
-    {
-        id:4,
-        title:'PCI-DSS',
-        vulnerabilities:[...pciAllAppSecIds,...pciMisconfigIds,...pciAccessControlIds,...pciCryptoIds,...pciInjectionAndXssIds,...pciAuthAndCookieIds]
-    },
+        vulnerabilities: uniqueIds([...accessRestrictionIds,...allAppSecIds,...authAndCookieIds,...cryptoPolicyIds,...infoLeakageIds,...inputValidationIds,...outputValidationIds, ...pathInjectionIds])
+    },
+    {
+        id:2,
+        title:'HIPAA',
+        vulnerabilities: uniqueIds([...accessControlIds,...hallAppSecIds,...hauthAnCookieIds,...cryptoIds,...integrityIds, ...pathInjectionIds])
+    },
+    {
+        id:1,
+        title:'OWASP',
+        vulnerabilities: uniqueIds([...owaspA1Ids,...owaspA2Ids,...owaspA3Ids,...owaspA5Ids,...owaspA7Ids,...owaspA8Ids, ...pathInjectionIds])
+    },
+    {
+        id:4,
+        title:'PCI-DSS',
+        vulnerabilities: uniqueIds([...pciAllAppSecIds,...pciMisconfigIds,...pciAccessControlIds,...pciCryptoIds,...pciInjectionAndXssIds,...pciAuthAndCookieIds, ...pathInjectionIds])
+    },
     {
         id:6,
         title:'SANS Top 25',
-        vulnerabilities:[...sauthIds,...saccessControlIds,...scmdiIds,...sdeserializationIds,...sdisclosureIds,...sinjectionIds,...slfiIds,...sqliIds,...ssrfids,...ssstiIds,...sxssIds]
+        vulnerabilities: uniqueIds([...sauthIds,...saccessControlIds,...scmdiIds,...sdeserializationIds,...sdisclosureIds,...sinjectionIds,...slfiIds,...sqliIds,...ssrfids,...ssstiIds,...sxssIds, ...pathInjectionIds])
     },
     {
         id:5,
         title:'ISO 27001',
-        vulnerabilities:[...isoAccessControlIds,...isoCryptoIds,...isoOpsSecurityIds,...isoCommunicationsSecurityIds,...isoSecureDevelopmentIds,...isoComplianceIds]
+        vulnerabilities: uniqueIds([...isoAccessControlIds,...isoCryptoIds,...isoOpsSecurityIds,...isoCommunicationsSecurityIds,...isoSecureDevelopmentIds,...isoComplianceIds, ...pathInjectionIds])
     }
 ];

package/src/compliances/gdpr.ts

@@ -3,7 +3,8 @@ import { ComplianceCategory, ComplianceRegistry } from '../types.js';
 import { idsByCategory, idsByCodes, idsByCodePrefix, mergeIds } from './helpers.js';
 
 const authIds = idsByCategory('authentication');
-const injectionIds = idsByCategory('injection');
+const pathInjectionIds = idsByCodes(['PATH_PARAMETER_INJECTION']);
+const injectionIds = mergeIds(idsByCategory('injection'), pathInjectionIds);
 const xssIds = idsByCategory('xss');
 const ssrfIds = idsByCategory('ssrf');
 const configIds = idsByCategory('configuration');

package/src/compliances/hipaa.ts

@@ -3,7 +3,8 @@ import { ComplianceCategory, ComplianceRegistry } from '../types.js';
 import { idsByCategory, idsByCodes, idsByCodePrefix, mergeIds } from './helpers.js';
 
 const authIds = idsByCategory('authentication');
-const injectionIds = idsByCategory('injection');
+const pathInjectionIds = idsByCodes(['PATH_PARAMETER_INJECTION']);
+const injectionIds = mergeIds(idsByCategory('injection'), pathInjectionIds);
 const xssIds = idsByCategory('xss');
 const ssrfIds = idsByCategory('ssrf');
 const configIds = idsByCategory('configuration');

package/src/compliances/iso27001.ts

@@ -3,7 +3,8 @@ import { ComplianceCategory, ComplianceRegistry } from '../types.js';
 import { idsByCategory, idsByCodePrefix, idsByCodes, mergeIds } from './helpers.js';
 
 const authIds = idsByCategory('authentication');
-const injectionIds = idsByCategory('injection');
+const pathInjectionIds = idsByCodes(['PATH_PARAMETER_INJECTION']);
+const injectionIds = mergeIds(idsByCategory('injection'), pathInjectionIds);
 const xssIds = idsByCategory('xss');
 const ssrfIds = idsByCategory('ssrf');
 const configIds = idsByCategory('configuration');

package/src/compliances/owasp.ts

@@ -3,7 +3,8 @@ import { ComplianceCategory, ComplianceRegistry } from '../types.js';
 import { idsByCategory, idsByCodes, idsByCodePrefix, mergeIds } from './helpers.js';
 
 const authIds = idsByCategory('authentication');
-const injectionIds = idsByCategory('injection');
+const pathInjectionIds = idsByCodes(['PATH_PARAMETER_INJECTION']);
+const injectionIds = mergeIds(idsByCategory('injection'), pathInjectionIds);
 const xssIds = idsByCategory('xss');
 const ssrfIds = idsByCategory('ssrf');
 const configIds = idsByCategory('configuration');

package/src/compliances/pci-dss.ts

@@ -3,7 +3,8 @@ import { ComplianceCategory, ComplianceRegistry } from '../types.js';
 import { idsByCategory, idsByCodes, idsByCodePrefix, mergeIds } from './helpers.js';
 
 const authIds = idsByCategory('authentication');
-const injectionIds = idsByCategory('injection');
+const pathInjectionIds = idsByCodes(['PATH_PARAMETER_INJECTION']);
+const injectionIds = mergeIds(idsByCategory('injection'), pathInjectionIds);
 const xssIds = idsByCategory('xss');
 const ssrfIds = idsByCategory('ssrf');
 const configIds = idsByCategory('configuration');

package/src/compliances/sans-top-25.ts

@@ -3,7 +3,10 @@ import { ComplianceCategory, ComplianceRegistry } from '../types.js';
 import { idsByCategory, idsByCodePrefix, mergeIds } from './helpers.js';
 
 export const authIds = idsByCategory('authentication');
-export const injectionIds = idsByCategory('injection');
+export const injectionIds = mergeIds(
+  idsByCategory('injection'),
+  idsByCodePrefix(['PATH_PARAMETER_INJECTION'])
+);
 export const xssIds = idsByCategory('xss');
 export const ssrfIds = idsByCategory('ssrf');
 export const disclosureIds = idsByCategory('information_disclosure');

package/src/error-codes.ts

@@ -15,6 +15,11 @@ export enum VulnerabilityCode {
     SQLI_STACK_BASED = 'SQLI_STACK_BASED',
     SQLI_UNION_BASED = 'SQLI_UNION_BASED',
 
+    // ========================================
+    // PATH INJECTION (PATH_*)
+    // ========================================
+    PATH_PARAMETER_INJECTION = 'PATH_PARAMETER_INJECTION',
+
     // ========================================
     // CROSS-SITE SCRIPTING (XSS_*)
     // ========================================
@@ -33,6 +38,7 @@ export enum VulnerabilityCode {
     XSS_CSP_BYPASS = 'XSS_CSP_BYPASS',
     XSS_TEMPLATE_LITERAL = 'XSS_TEMPLATE_LITERAL',
     XSS_MUTATION_BASED = 'XSS_MUTATION_BASED',
+    XSS_INSUFFICIENT_OUTPUT_ENCODING = 'XSS_INSUFFICIENT_OUTPUT_ENCODING',
 
     // ========================================
     // COMMAND INJECTION (CMDI_*)
@@ -101,13 +107,14 @@ export enum VulnerabilityCode {
     JWT_EXPIRED_TOKEN = 'JWT_EXPIRED_TOKEN',
     JWT_MISSING_CLAIMS = 'JWT_MISSING_CLAIMS',
     JWT_CLAIM_TAMPERING = 'JWT_CLAIM_TAMPERING',
-    JWT_KID_INJECTION = 'JWT_KID_INJECTION',
-    JWT_JKU_INJECTION = 'JWT_JKU_INJECTION',
-    JWT_EMBEDDED_JWK = 'JWT_EMBEDDED_JWK',
-    JWT_X5C_INJECTION = 'JWT_X5C_INJECTION',
-
-    // ========================================
-    // OPEN REDIRECT (REDIRECT_*)
+    JWT_KID_INJECTION = 'JWT_KID_INJECTION',
+    JWT_JKU_INJECTION = 'JWT_JKU_INJECTION',
+    JWT_EMBEDDED_JWK = 'JWT_EMBEDDED_JWK',
+    JWT_X5C_INJECTION = 'JWT_X5C_INJECTION',
+    AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT = 'AUTH_SESSION_NOT_INVALIDATED_ON_LOGOUT',
+
+    // ========================================
+    // OPEN REDIRECT (REDIRECT_*)
     // ========================================
     REDIRECT_HEADER_INJECTION = 'REDIRECT_HEADER_INJECTION',
     REDIRECT_META_REFRESH = 'REDIRECT_META_REFRESH',
@@ -128,36 +135,36 @@ export enum VulnerabilityCode {
     HEADER_MISSING_HSTS = 'HEADER_MISSING_HSTS',
     HEADER_MISSING_XFRAME = 'HEADER_MISSING_XFRAME',
     HEADER_MISSING_XCONTENT_TYPE = 'HEADER_MISSING_XCONTENT_TYPE',
-    HEADER_MISSING_XSS_PROTECTION = 'HEADER_MISSING_XSS_PROTECTION',
-    HEADER_MISSING_REFERRER_POLICY = 'HEADER_MISSING_REFERRER_POLICY',
-    HEADER_MISSING_PERMISSIONS_POLICY = 'HEADER_MISSING_PERMISSIONS_POLICY',
-    HEADER_WEAK_CSP = 'HEADER_WEAK_CSP',
-    HEADER_CSP_REPORT_ONLY = 'HEADER_CSP_REPORT_ONLY',
-    HEADER_CSP_WEAK_DIRECTIVES = 'HEADER_CSP_WEAK_DIRECTIVES',
-    HEADER_CSP_DATA_URI_SCRIPT = 'HEADER_CSP_DATA_URI_SCRIPT',
-    HEADER_CSP_BLOB_URI_SCRIPT = 'HEADER_CSP_BLOB_URI_SCRIPT',
-    HEADER_CSP_WILDCARD_DEFAULT = 'HEADER_CSP_WILDCARD_DEFAULT',
-    HEADER_CSP_NO_BASE_URI = 'HEADER_CSP_NO_BASE_URI',
-    HEADER_CSP_NO_OBJECT_SRC = 'HEADER_CSP_NO_OBJECT_SRC',
-    HEADER_CSP_NO_FRAME_ANCESTORS = 'HEADER_CSP_NO_FRAME_ANCESTORS',
-    HEADER_CORS_MISCONFIGURED = 'HEADER_CORS_MISCONFIGURED',
-    HEADER_CORS_STAR_WITH_CREDENTIALS = 'HEADER_CORS_STAR_WITH_CREDENTIALS',
-    HEADER_CORS_ORIGIN_REFLECT_NO_VARY = 'HEADER_CORS_ORIGIN_REFLECT_NO_VARY',
-    HEADER_CORS_NULL_ORIGIN = 'HEADER_CORS_NULL_ORIGIN',
-    HEADER_CORS_WILDCARD_SUBDOMAIN = 'HEADER_CORS_WILDCARD_SUBDOMAIN',
-    HEADER_COEP_WITHOUT_COOP = 'HEADER_COEP_WITHOUT_COOP',
-    HEADER_CORP_UNUSUAL = 'HEADER_CORP_UNUSUAL',
-    HEADER_EXPECT_CT_PRESENT = 'HEADER_EXPECT_CT_PRESENT',
-    HEADER_SERVER_HEADER_PRESENT = 'HEADER_SERVER_HEADER_PRESENT',
-    HEADER_X_POWERED_BY_PRESENT = 'HEADER_X_POWERED_BY_PRESENT',
-    HEADER_X_XSS_PROTECTION_ENABLED = 'HEADER_X_XSS_PROTECTION_ENABLED',
-    HEADER_XCONTENT_TYPE_INVALID = 'HEADER_XCONTENT_TYPE_INVALID',
-    HEADER_REFERRER_POLICY_UNSAFE = 'HEADER_REFERRER_POLICY_UNSAFE',
-    HEADER_HSTS_BAD_MAX_AGE = 'HEADER_HSTS_BAD_MAX_AGE',
-    HEADER_HSTS_SHORT_MAX_AGE = 'HEADER_HSTS_SHORT_MAX_AGE',
-    HEADER_HSTS_NO_INCLUDESUBDOMAINS = 'HEADER_HSTS_NO_INCLUDESUBDOMAINS',
-    HEADER_HSTS_PRELOAD_LOW_MAX_AGE = 'HEADER_HSTS_PRELOAD_LOW_MAX_AGE',
-    COOKIE_SAMESITE_NONE_WITHOUT_SECURE = 'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
+    HEADER_MISSING_XSS_PROTECTION = 'HEADER_MISSING_XSS_PROTECTION',
+    HEADER_MISSING_REFERRER_POLICY = 'HEADER_MISSING_REFERRER_POLICY',
+    HEADER_MISSING_PERMISSIONS_POLICY = 'HEADER_MISSING_PERMISSIONS_POLICY',
+    HEADER_WEAK_CSP = 'HEADER_WEAK_CSP',
+    HEADER_CSP_REPORT_ONLY = 'HEADER_CSP_REPORT_ONLY',
+    HEADER_CSP_WEAK_DIRECTIVES = 'HEADER_CSP_WEAK_DIRECTIVES',
+    HEADER_CSP_DATA_URI_SCRIPT = 'HEADER_CSP_DATA_URI_SCRIPT',
+    HEADER_CSP_BLOB_URI_SCRIPT = 'HEADER_CSP_BLOB_URI_SCRIPT',
+    HEADER_CSP_WILDCARD_DEFAULT = 'HEADER_CSP_WILDCARD_DEFAULT',
+    HEADER_CSP_NO_BASE_URI = 'HEADER_CSP_NO_BASE_URI',
+    HEADER_CSP_NO_OBJECT_SRC = 'HEADER_CSP_NO_OBJECT_SRC',
+    HEADER_CSP_NO_FRAME_ANCESTORS = 'HEADER_CSP_NO_FRAME_ANCESTORS',
+    HEADER_CORS_MISCONFIGURED = 'HEADER_CORS_MISCONFIGURED',
+    HEADER_CORS_STAR_WITH_CREDENTIALS = 'HEADER_CORS_STAR_WITH_CREDENTIALS',
+    HEADER_CORS_ORIGIN_REFLECT_NO_VARY = 'HEADER_CORS_ORIGIN_REFLECT_NO_VARY',
+    HEADER_CORS_NULL_ORIGIN = 'HEADER_CORS_NULL_ORIGIN',
+    HEADER_CORS_WILDCARD_SUBDOMAIN = 'HEADER_CORS_WILDCARD_SUBDOMAIN',
+    HEADER_COEP_WITHOUT_COOP = 'HEADER_COEP_WITHOUT_COOP',
+    HEADER_CORP_UNUSUAL = 'HEADER_CORP_UNUSUAL',
+    HEADER_EXPECT_CT_PRESENT = 'HEADER_EXPECT_CT_PRESENT',
+    HEADER_SERVER_HEADER_PRESENT = 'HEADER_SERVER_HEADER_PRESENT',
+    HEADER_X_POWERED_BY_PRESENT = 'HEADER_X_POWERED_BY_PRESENT',
+    HEADER_X_XSS_PROTECTION_ENABLED = 'HEADER_X_XSS_PROTECTION_ENABLED',
+    HEADER_XCONTENT_TYPE_INVALID = 'HEADER_XCONTENT_TYPE_INVALID',
+    HEADER_REFERRER_POLICY_UNSAFE = 'HEADER_REFERRER_POLICY_UNSAFE',
+    HEADER_HSTS_BAD_MAX_AGE = 'HEADER_HSTS_BAD_MAX_AGE',
+    HEADER_HSTS_SHORT_MAX_AGE = 'HEADER_HSTS_SHORT_MAX_AGE',
+    HEADER_HSTS_NO_INCLUDESUBDOMAINS = 'HEADER_HSTS_NO_INCLUDESUBDOMAINS',
+    HEADER_HSTS_PRELOAD_LOW_MAX_AGE = 'HEADER_HSTS_PRELOAD_LOW_MAX_AGE',
+    COOKIE_SAMESITE_NONE_WITHOUT_SECURE = 'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
     COOKIE_SESSION_MISSING_SECURE = 'COOKIE_SESSION_MISSING_SECURE',
     COOKIE_MISSING_SECURE = 'COOKIE_MISSING_SECURE',
     COOKIE_SESSION_MISSING_HTTPONLY = 'COOKIE_SESSION_MISSING_HTTPONLY',
@@ -182,41 +189,42 @@ export enum VulnerabilityCode {
     HOST_PASSWORD_RESET = 'HOST_PASSWORD_RESET',
     HOST_REDIRECT = 'HOST_REDIRECT',
 
-    // ========================================
-    // DIRECTORY BROWSING (DIRBROWSE_*)
-    // ========================================
-    DIRBROWSE_GENERIC = 'DIRBROWSE_GENERIC',
-    DIRBROWSE_GENERIC_SENSITIVE = 'DIRBROWSE_GENERIC_SENSITIVE',
-    DIRBROWSE_APACHE = 'DIRBROWSE_APACHE',
-    DIRBROWSE_APACHE_SENSITIVE = 'DIRBROWSE_APACHE_SENSITIVE',
-    DIRBROWSE_NGINX = 'DIRBROWSE_NGINX',
-    DIRBROWSE_NGINX_SENSITIVE = 'DIRBROWSE_NGINX_SENSITIVE',
-    DIRBROWSE_IIS = 'DIRBROWSE_IIS',
-    DIRBROWSE_IIS_SENSITIVE = 'DIRBROWSE_IIS_SENSITIVE',
-    DIRBROWSE_TOMCAT = 'DIRBROWSE_TOMCAT',
-    DIRBROWSE_TOMCAT_SENSITIVE = 'DIRBROWSE_TOMCAT_SENSITIVE',
-    DIRBROWSE_CADDY = 'DIRBROWSE_CADDY',
-    DIRBROWSE_CADDY_SENSITIVE = 'DIRBROWSE_CADDY_SENSITIVE',
-    DIRBROWSE_WEBDAV = 'DIRBROWSE_WEBDAV',
-    DIRBROWSE_WEBDAV_SENSITIVE = 'DIRBROWSE_WEBDAV_SENSITIVE',
-    DIRBROWSE_S3 = 'DIRBROWSE_S3',
-    DIRBROWSE_S3_SENSITIVE = 'DIRBROWSE_S3_SENSITIVE',
-    DIRBROWSE_GCS = 'DIRBROWSE_GCS',
-    DIRBROWSE_GCS_SENSITIVE = 'DIRBROWSE_GCS_SENSITIVE',
-    DIRBROWSE_AZURE_BLOB = 'DIRBROWSE_AZURE_BLOB',
-    DIRBROWSE_AZURE_BLOB_SENSITIVE = 'DIRBROWSE_AZURE_BLOB_SENSITIVE',
-    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
-    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
-
-    // ========================================
-    // MASS ASSIGNMENT (MASSASSIGN_*)
     // ========================================
-    MASSASSIGN_PROTOTYPE_POLLUTION = 'MASSASSIGN_PROTOTYPE_POLLUTION',
-    MASSASSIGN_ROLE_ESCALATION = 'MASSASSIGN_ROLE_ESCALATION',
-    MASSASSIGN_HIDDEN_FIELD = 'MASSASSIGN_HIDDEN_FIELD',
+    // DIRECTORY BROWSING (DIRBROWSE_*)
+    // ========================================
+    DIRBROWSE_GENERIC = 'DIRBROWSE_GENERIC',
+    DIRBROWSE_GENERIC_SENSITIVE = 'DIRBROWSE_GENERIC_SENSITIVE',
+    DIRBROWSE_APACHE = 'DIRBROWSE_APACHE',
+    DIRBROWSE_APACHE_SENSITIVE = 'DIRBROWSE_APACHE_SENSITIVE',
+    DIRBROWSE_NGINX = 'DIRBROWSE_NGINX',
+    DIRBROWSE_NGINX_SENSITIVE = 'DIRBROWSE_NGINX_SENSITIVE',
+    DIRBROWSE_IIS = 'DIRBROWSE_IIS',
+    DIRBROWSE_IIS_SENSITIVE = 'DIRBROWSE_IIS_SENSITIVE',
+    DIRBROWSE_TOMCAT = 'DIRBROWSE_TOMCAT',
+    DIRBROWSE_TOMCAT_SENSITIVE = 'DIRBROWSE_TOMCAT_SENSITIVE',
+    DIRBROWSE_CADDY = 'DIRBROWSE_CADDY',
+    DIRBROWSE_CADDY_SENSITIVE = 'DIRBROWSE_CADDY_SENSITIVE',
+    DIRBROWSE_WEBDAV = 'DIRBROWSE_WEBDAV',
+    DIRBROWSE_WEBDAV_SENSITIVE = 'DIRBROWSE_WEBDAV_SENSITIVE',
+    DIRBROWSE_S3 = 'DIRBROWSE_S3',
+    DIRBROWSE_S3_SENSITIVE = 'DIRBROWSE_S3_SENSITIVE',
+    DIRBROWSE_GCS = 'DIRBROWSE_GCS',
+    DIRBROWSE_GCS_SENSITIVE = 'DIRBROWSE_GCS_SENSITIVE',
+    DIRBROWSE_AZURE_BLOB = 'DIRBROWSE_AZURE_BLOB',
+    DIRBROWSE_AZURE_BLOB_SENSITIVE = 'DIRBROWSE_AZURE_BLOB_SENSITIVE',
+    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
+    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
 
-    // ========================================
-    // DESERIALIZATION (DESER_*)
+    // ========================================
+    // MASS ASSIGNMENT (MASSASSIGN_*)
+    // ========================================
+    MASSASSIGN_PROTOTYPE_POLLUTION = 'MASSASSIGN_PROTOTYPE_POLLUTION',
+    MASSASSIGN_ROLE_ESCALATION = 'MASSASSIGN_ROLE_ESCALATION',
+    MASSASSIGN_HIDDEN_FIELD = 'MASSASSIGN_HIDDEN_FIELD',
+    HPP_DUPLICATE_PARAMETER = 'HPP_DUPLICATE_PARAMETER',
+
+    // ========================================
+    // DESERIALIZATION (DESER_*)
     // ========================================
     DESER_JAVA = 'DESER_JAVA',
     DESER_PHP = 'DESER_PHP',
@@ -362,6 +370,58 @@ export enum VulnerabilityCode {
     SENS_LOW_SERVERLESS_CONFIG_EXPOSED = 'SENS_LOW_SERVERLESS_CONFIG_EXPOSED',
     SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED = 'SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED',
 
+    // ========================================
+    // SENSITIVE DATA EXPOSURE (SENS_DATA_*)
+    // ========================================
+    SENS_DATA_AWS_ACCESS_KEY_ID = 'SENS_DATA_AWS_ACCESS_KEY_ID',
+    SENS_DATA_AWS_SECRET_ACCESS_KEY = 'SENS_DATA_AWS_SECRET_ACCESS_KEY',
+    SENS_DATA_AWS_MWS_AUTH_TOKEN = 'SENS_DATA_AWS_MWS_AUTH_TOKEN',
+    SENS_DATA_GOOGLE_API_KEY = 'SENS_DATA_GOOGLE_API_KEY',
+    SENS_DATA_GOOGLE_OAUTH_TOKEN = 'SENS_DATA_GOOGLE_OAUTH_TOKEN',
+    SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID = 'SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID',
+    SENS_DATA_GITHUB_PAT = 'SENS_DATA_GITHUB_PAT',
+    SENS_DATA_GITHUB_OAUTH_TOKEN = 'SENS_DATA_GITHUB_OAUTH_TOKEN',
+    SENS_DATA_GITHUB_APP_TOKEN = 'SENS_DATA_GITHUB_APP_TOKEN',
+    SENS_DATA_GITHUB_REFRESH_TOKEN = 'SENS_DATA_GITHUB_REFRESH_TOKEN',
+    SENS_DATA_GITLAB_PAT = 'SENS_DATA_GITLAB_PAT',
+    SENS_DATA_GITLAB_PIPELINE_TOKEN = 'SENS_DATA_GITLAB_PIPELINE_TOKEN',
+    SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY = 'SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY',
+    SENS_DATA_STRIPE_SECRET_KEY = 'SENS_DATA_STRIPE_SECRET_KEY',
+    SENS_DATA_STRIPE_PUBLISHABLE_KEY = 'SENS_DATA_STRIPE_PUBLISHABLE_KEY',
+    SENS_DATA_STRIPE_RESTRICTED_KEY = 'SENS_DATA_STRIPE_RESTRICTED_KEY',
+    SENS_DATA_SLACK_TOKEN = 'SENS_DATA_SLACK_TOKEN',
+    SENS_DATA_SLACK_WEBHOOK = 'SENS_DATA_SLACK_WEBHOOK',
+    SENS_DATA_DISCORD_BOT_TOKEN = 'SENS_DATA_DISCORD_BOT_TOKEN',
+    SENS_DATA_DISCORD_WEBHOOK = 'SENS_DATA_DISCORD_WEBHOOK',
+    SENS_DATA_TWILIO_ACCOUNT_SID = 'SENS_DATA_TWILIO_ACCOUNT_SID',
+    SENS_DATA_SENDGRID_API_KEY = 'SENS_DATA_SENDGRID_API_KEY',
+    SENS_DATA_MAILGUN_API_KEY = 'SENS_DATA_MAILGUN_API_KEY',
+    SENS_DATA_MAILCHIMP_API_KEY = 'SENS_DATA_MAILCHIMP_API_KEY',
+    SENS_DATA_NPM_TOKEN = 'SENS_DATA_NPM_TOKEN',
+    SENS_DATA_PYPI_TOKEN = 'SENS_DATA_PYPI_TOKEN',
+    SENS_DATA_RSA_PRIVATE_KEY = 'SENS_DATA_RSA_PRIVATE_KEY',
+    SENS_DATA_OPENSSH_PRIVATE_KEY = 'SENS_DATA_OPENSSH_PRIVATE_KEY',
+    SENS_DATA_DSA_PRIVATE_KEY = 'SENS_DATA_DSA_PRIVATE_KEY',
+    SENS_DATA_EC_PRIVATE_KEY = 'SENS_DATA_EC_PRIVATE_KEY',
+    SENS_DATA_PGP_PRIVATE_KEY = 'SENS_DATA_PGP_PRIVATE_KEY',
+    SENS_DATA_ENCRYPTED_PRIVATE_KEY = 'SENS_DATA_ENCRYPTED_PRIVATE_KEY',
+    SENS_DATA_MONGODB_URI = 'SENS_DATA_MONGODB_URI',
+    SENS_DATA_POSTGRESQL_URI = 'SENS_DATA_POSTGRESQL_URI',
+    SENS_DATA_MYSQL_URI = 'SENS_DATA_MYSQL_URI',
+    SENS_DATA_REDIS_URI = 'SENS_DATA_REDIS_URI',
+    SENS_DATA_MSSQL_URI = 'SENS_DATA_MSSQL_URI',
+    SENS_DATA_DIGITALOCEAN_TOKEN = 'SENS_DATA_DIGITALOCEAN_TOKEN',
+    SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY = 'SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY',
+    SENS_DATA_SQUARE_ACCESS_TOKEN = 'SENS_DATA_SQUARE_ACCESS_TOKEN',
+    SENS_DATA_SQUARE_OAUTH_SECRET = 'SENS_DATA_SQUARE_OAUTH_SECRET',
+    SENS_DATA_SHOPIFY_ACCESS_TOKEN = 'SENS_DATA_SHOPIFY_ACCESS_TOKEN',
+    SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN = 'SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN',
+    SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN = 'SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN',
+    SENS_DATA_SHOPIFY_SHARED_SECRET = 'SENS_DATA_SHOPIFY_SHARED_SECRET',
+    SENS_DATA_TELEGRAM_BOT_TOKEN = 'SENS_DATA_TELEGRAM_BOT_TOKEN',
+    SENS_DATA_OPENAI_API_KEY = 'SENS_DATA_OPENAI_API_KEY',
+    SENS_DATA_SENTRY_DSN = 'SENS_DATA_SENTRY_DSN',
+
     // ========================================
     // CLICKJACKING (CLICK_*)
     // ========================================