codeslick-cli 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +458 -0
- package/__tests__/cli-reporter.test.ts +86 -0
- package/__tests__/config-loader.test.ts +247 -0
- package/__tests__/local-scanner.test.ts +245 -0
- package/bin/codeslick.cjs +153 -0
- package/dist/packages/cli/src/commands/auth.d.ts +36 -0
- package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/auth.js +226 -0
- package/dist/packages/cli/src/commands/auth.js.map +1 -0
- package/dist/packages/cli/src/commands/config.d.ts +37 -0
- package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/config.js +196 -0
- package/dist/packages/cli/src/commands/config.js.map +1 -0
- package/dist/packages/cli/src/commands/init.d.ts +32 -0
- package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/init.js +171 -0
- package/dist/packages/cli/src/commands/init.js.map +1 -0
- package/dist/packages/cli/src/commands/scan.d.ts +40 -0
- package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/scan.js +204 -0
- package/dist/packages/cli/src/commands/scan.js.map +1 -0
- package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
- package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
- package/dist/packages/cli/src/config/config-loader.js +146 -0
- package/dist/packages/cli/src/config/config-loader.js.map +1 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
- package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
- package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
- package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
- package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
- package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
- package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
- package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
- package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
- package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
- package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
- package/dist/src/lib/analyzers/types.d.ts +92 -0
- package/dist/src/lib/analyzers/types.d.ts.map +1 -0
- package/dist/src/lib/analyzers/types.js +3 -0
- package/dist/src/lib/analyzers/types.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
- package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
- package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
- package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
- package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
- package/dist/src/lib/security/compliance-mapping.js +1342 -0
- package/dist/src/lib/security/compliance-mapping.js.map +1 -0
- package/dist/src/lib/security/severity-scoring.d.ts +47 -0
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
- package/dist/src/lib/security/severity-scoring.js +965 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -0
- package/dist/src/lib/standards/references.d.ts +16 -0
- package/dist/src/lib/standards/references.d.ts.map +1 -0
- package/dist/src/lib/standards/references.js +1161 -0
- package/dist/src/lib/standards/references.js.map +1 -0
- package/dist/src/lib/types/index.d.ts +167 -0
- package/dist/src/lib/types/index.d.ts.map +1 -0
- package/dist/src/lib/types/index.js +3 -0
- package/dist/src/lib/types/index.js.map +1 -0
- package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
- package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
- package/dist/src/lib/utils/code-cleaner.js +283 -0
- package/dist/src/lib/utils/code-cleaner.js.map +1 -0
- package/package.json +51 -0
- package/src/commands/auth.ts +308 -0
- package/src/commands/config.ts +226 -0
- package/src/commands/init.ts +202 -0
- package/src/commands/scan.ts +238 -0
- package/src/config/config-loader.ts +175 -0
- package/src/reporters/cli-reporter.ts +282 -0
- package/src/scanner/local-scanner.ts +250 -0
- package/tsconfig.json +24 -0
- package/tsconfig.tsbuildinfo +1 -0
|
@@ -0,0 +1,1342 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Compliance Mapping Database
|
|
4
|
+
*
|
|
5
|
+
* Maps security vulnerabilities to compliance frameworks:
|
|
6
|
+
* - OWASP Top 10 2021
|
|
7
|
+
* - CWE (Common Weakness Enumeration)
|
|
8
|
+
* - PCI-DSS (Payment Card Industry Data Security Standard)
|
|
9
|
+
*/
|
|
10
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.getComplianceMapping = getComplianceMapping;
|
|
12
|
+
exports.getOwaspCoverage = getOwaspCoverage;
|
|
13
|
+
/**
|
|
14
|
+
* Get compliance mapping for a vulnerability type
|
|
15
|
+
*/
|
|
16
|
+
function getComplianceMapping(vulnerabilityType) {
|
|
17
|
+
const mappings = {
|
|
18
|
+
'sql-injection': {
|
|
19
|
+
owasp: 'A03:2025 - Injection',
|
|
20
|
+
cwe: 'CWE-89',
|
|
21
|
+
pciDss: '6.5.1',
|
|
22
|
+
references: [
|
|
23
|
+
{
|
|
24
|
+
title: 'OWASP SQL Injection',
|
|
25
|
+
url: 'https://owasp.org/www-community/attacks/SQL_Injection',
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
title: 'CWE-89: SQL Injection',
|
|
29
|
+
url: 'https://cwe.mitre.org/data/definitions/89.html',
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
title: 'PCI-DSS Requirement 6.5.1',
|
|
33
|
+
url: 'https://www.pcisecuritystandards.org/',
|
|
34
|
+
},
|
|
35
|
+
],
|
|
36
|
+
},
|
|
37
|
+
'nosql-injection': {
|
|
38
|
+
owasp: 'A03:2025 - Injection',
|
|
39
|
+
cwe: 'CWE-943',
|
|
40
|
+
pciDss: '6.5.1',
|
|
41
|
+
references: [
|
|
42
|
+
{
|
|
43
|
+
title: 'OWASP NoSQL Injection',
|
|
44
|
+
url: 'https://owasp.org/www-community/attacks/NoSQL_Injection',
|
|
45
|
+
},
|
|
46
|
+
{
|
|
47
|
+
title: 'CWE-943: NoSQL Injection',
|
|
48
|
+
url: 'https://cwe.mitre.org/data/definitions/943.html',
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
title: 'PCI-DSS Requirement 6.5.1',
|
|
52
|
+
url: 'https://www.pcisecuritystandards.org/',
|
|
53
|
+
},
|
|
54
|
+
],
|
|
55
|
+
},
|
|
56
|
+
'ssrf': {
|
|
57
|
+
owasp: 'A10:2025 - Server-Side Request Forgery',
|
|
58
|
+
cwe: 'CWE-918',
|
|
59
|
+
pciDss: '6.5.10',
|
|
60
|
+
references: [
|
|
61
|
+
{
|
|
62
|
+
title: 'OWASP SSRF',
|
|
63
|
+
url: 'https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/',
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
title: 'CWE-918: Server-Side Request Forgery (SSRF)',
|
|
67
|
+
url: 'https://cwe.mitre.org/data/definitions/918.html',
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
title: 'PortSwigger SSRF',
|
|
71
|
+
url: 'https://portswigger.net/web-security/ssrf',
|
|
72
|
+
},
|
|
73
|
+
],
|
|
74
|
+
},
|
|
75
|
+
'xss': {
|
|
76
|
+
owasp: 'A03:2025 - Injection',
|
|
77
|
+
cwe: 'CWE-79',
|
|
78
|
+
pciDss: '6.5.7',
|
|
79
|
+
references: [
|
|
80
|
+
{
|
|
81
|
+
title: 'OWASP XSS',
|
|
82
|
+
url: 'https://owasp.org/www-community/attacks/xss/',
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
title: 'CWE-79: Cross-site Scripting',
|
|
86
|
+
url: 'https://cwe.mitre.org/data/definitions/79.html',
|
|
87
|
+
},
|
|
88
|
+
],
|
|
89
|
+
},
|
|
90
|
+
'command-injection': {
|
|
91
|
+
owasp: 'A03:2025 - Injection',
|
|
92
|
+
cwe: 'CWE-78',
|
|
93
|
+
pciDss: '6.5.1',
|
|
94
|
+
references: [
|
|
95
|
+
{
|
|
96
|
+
title: 'OWASP Command Injection',
|
|
97
|
+
url: 'https://owasp.org/www-community/attacks/Command_Injection',
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
title: 'CWE-78: OS Command Injection',
|
|
101
|
+
url: 'https://cwe.mitre.org/data/definitions/78.html',
|
|
102
|
+
},
|
|
103
|
+
],
|
|
104
|
+
},
|
|
105
|
+
'path-traversal': {
|
|
106
|
+
owasp: 'A01:2025 - Broken Access Control',
|
|
107
|
+
cwe: 'CWE-22',
|
|
108
|
+
pciDss: '6.5.8',
|
|
109
|
+
references: [
|
|
110
|
+
{
|
|
111
|
+
title: 'OWASP Path Traversal',
|
|
112
|
+
url: 'https://owasp.org/www-community/attacks/Path_Traversal',
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
title: 'CWE-22: Path Traversal',
|
|
116
|
+
url: 'https://cwe.mitre.org/data/definitions/22.html',
|
|
117
|
+
},
|
|
118
|
+
],
|
|
119
|
+
},
|
|
120
|
+
'eval-usage': {
|
|
121
|
+
owasp: 'A03:2025 - Injection',
|
|
122
|
+
cwe: 'CWE-95',
|
|
123
|
+
pciDss: '6.5.1',
|
|
124
|
+
references: [
|
|
125
|
+
{
|
|
126
|
+
title: 'CWE-95: Code Injection',
|
|
127
|
+
url: 'https://cwe.mitre.org/data/definitions/95.html',
|
|
128
|
+
},
|
|
129
|
+
],
|
|
130
|
+
},
|
|
131
|
+
'deserialization': {
|
|
132
|
+
owasp: 'A08:2025 - Software and Data Integrity Failures',
|
|
133
|
+
cwe: 'CWE-502',
|
|
134
|
+
pciDss: '6.5.8',
|
|
135
|
+
references: [
|
|
136
|
+
{
|
|
137
|
+
title: 'OWASP Deserialization',
|
|
138
|
+
url: 'https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data',
|
|
139
|
+
},
|
|
140
|
+
{
|
|
141
|
+
title: 'CWE-502: Deserialization of Untrusted Data',
|
|
142
|
+
url: 'https://cwe.mitre.org/data/definitions/502.html',
|
|
143
|
+
},
|
|
144
|
+
],
|
|
145
|
+
},
|
|
146
|
+
'xxe': {
|
|
147
|
+
owasp: 'A05:2025 - Security Misconfiguration',
|
|
148
|
+
cwe: 'CWE-611',
|
|
149
|
+
pciDss: '6.5.1',
|
|
150
|
+
references: [
|
|
151
|
+
{
|
|
152
|
+
title: 'OWASP XXE',
|
|
153
|
+
url: 'https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing',
|
|
154
|
+
},
|
|
155
|
+
{
|
|
156
|
+
title: 'CWE-611: XML External Entity',
|
|
157
|
+
url: 'https://cwe.mitre.org/data/definitions/611.html',
|
|
158
|
+
},
|
|
159
|
+
],
|
|
160
|
+
},
|
|
161
|
+
'hardcoded-credentials': {
|
|
162
|
+
owasp: 'A07:2025 - Identification and Authentication Failures',
|
|
163
|
+
cwe: 'CWE-798',
|
|
164
|
+
pciDss: '8.2.1',
|
|
165
|
+
references: [
|
|
166
|
+
{
|
|
167
|
+
title: 'CWE-798: Hardcoded Credentials',
|
|
168
|
+
url: 'https://cwe.mitre.org/data/definitions/798.html',
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
title: 'OWASP Authentication Failures',
|
|
172
|
+
url: 'https://owasp.org/Top10/2025/-Identification_and_Authentication_Failures/',
|
|
173
|
+
},
|
|
174
|
+
],
|
|
175
|
+
},
|
|
176
|
+
'weak-random': {
|
|
177
|
+
owasp: 'A02:2025 - Cryptographic Failures',
|
|
178
|
+
cwe: 'CWE-338',
|
|
179
|
+
pciDss: '6.5.3',
|
|
180
|
+
references: [
|
|
181
|
+
{
|
|
182
|
+
title: 'CWE-338: Weak PRNG',
|
|
183
|
+
url: 'https://cwe.mitre.org/data/definitions/338.html',
|
|
184
|
+
},
|
|
185
|
+
],
|
|
186
|
+
},
|
|
187
|
+
'weak-hash-md5': {
|
|
188
|
+
owasp: 'A02:2025 - Cryptographic Failures',
|
|
189
|
+
cwe: 'CWE-327',
|
|
190
|
+
pciDss: '6.5.3',
|
|
191
|
+
references: [
|
|
192
|
+
{
|
|
193
|
+
title: 'CWE-327: Broken Crypto',
|
|
194
|
+
url: 'https://cwe.mitre.org/data/definitions/327.html',
|
|
195
|
+
},
|
|
196
|
+
],
|
|
197
|
+
},
|
|
198
|
+
'weak-hash-sha1': {
|
|
199
|
+
owasp: 'A02:2025 - Cryptographic Failures',
|
|
200
|
+
cwe: 'CWE-327',
|
|
201
|
+
pciDss: '6.5.3',
|
|
202
|
+
references: [
|
|
203
|
+
{
|
|
204
|
+
title: 'CWE-327: Broken Crypto',
|
|
205
|
+
url: 'https://cwe.mitre.org/data/definitions/327.html',
|
|
206
|
+
},
|
|
207
|
+
],
|
|
208
|
+
},
|
|
209
|
+
'ecb-mode-encryption': {
|
|
210
|
+
owasp: 'A02:2025 - Cryptographic Failures',
|
|
211
|
+
cwe: 'CWE-327',
|
|
212
|
+
pciDss: '6.5.3',
|
|
213
|
+
references: [
|
|
214
|
+
{
|
|
215
|
+
title: 'CWE-327: Broken Crypto',
|
|
216
|
+
url: 'https://cwe.mitre.org/data/definitions/327.html',
|
|
217
|
+
},
|
|
218
|
+
],
|
|
219
|
+
},
|
|
220
|
+
'prototype-pollution': {
|
|
221
|
+
owasp: 'A08:2025 - Software and Data Integrity Failures',
|
|
222
|
+
cwe: 'CWE-1321',
|
|
223
|
+
references: [
|
|
224
|
+
{
|
|
225
|
+
title: 'CWE-1321: Prototype Pollution',
|
|
226
|
+
url: 'https://cwe.mitre.org/data/definitions/1321.html',
|
|
227
|
+
},
|
|
228
|
+
],
|
|
229
|
+
},
|
|
230
|
+
'ldap-injection': {
|
|
231
|
+
owasp: 'A03:2025 - Injection',
|
|
232
|
+
cwe: 'CWE-90',
|
|
233
|
+
pciDss: '6.5.1',
|
|
234
|
+
references: [
|
|
235
|
+
{
|
|
236
|
+
title: 'CWE-90: LDAP Injection',
|
|
237
|
+
url: 'https://cwe.mitre.org/data/definitions/90.html',
|
|
238
|
+
},
|
|
239
|
+
],
|
|
240
|
+
},
|
|
241
|
+
'xpath-injection': {
|
|
242
|
+
owasp: 'A03:2025 - Injection',
|
|
243
|
+
cwe: 'CWE-643',
|
|
244
|
+
pciDss: '6.5.1',
|
|
245
|
+
references: [
|
|
246
|
+
{
|
|
247
|
+
title: 'CWE-643: XPath Injection',
|
|
248
|
+
url: 'https://cwe.mitre.org/data/definitions/643.html',
|
|
249
|
+
},
|
|
250
|
+
],
|
|
251
|
+
},
|
|
252
|
+
'unsafe-yaml-load': {
|
|
253
|
+
owasp: 'A08:2025 - Software and Data Integrity Failures',
|
|
254
|
+
cwe: 'CWE-502',
|
|
255
|
+
pciDss: '6.5.8',
|
|
256
|
+
references: [
|
|
257
|
+
{
|
|
258
|
+
title: 'CWE-502: Deserialization',
|
|
259
|
+
url: 'https://cwe.mitre.org/data/definitions/502.html',
|
|
260
|
+
},
|
|
261
|
+
],
|
|
262
|
+
},
|
|
263
|
+
'unsafe-pickle': {
|
|
264
|
+
owasp: 'A08:2025 - Software and Data Integrity Failures',
|
|
265
|
+
cwe: 'CWE-502',
|
|
266
|
+
pciDss: '6.5.8',
|
|
267
|
+
references: [
|
|
268
|
+
{
|
|
269
|
+
title: 'CWE-502: Deserialization',
|
|
270
|
+
url: 'https://cwe.mitre.org/data/definitions/502.html',
|
|
271
|
+
},
|
|
272
|
+
],
|
|
273
|
+
},
|
|
274
|
+
'regex-dos': {
|
|
275
|
+
owasp: 'A06:2025 - Vulnerable and Outdated Components',
|
|
276
|
+
cwe: 'CWE-1333',
|
|
277
|
+
references: [
|
|
278
|
+
{
|
|
279
|
+
title: 'CWE-1333: ReDoS',
|
|
280
|
+
url: 'https://cwe.mitre.org/data/definitions/1333.html',
|
|
281
|
+
},
|
|
282
|
+
],
|
|
283
|
+
},
|
|
284
|
+
'insecure-storage': {
|
|
285
|
+
owasp: 'A02:2025 - Cryptographic Failures',
|
|
286
|
+
cwe: 'CWE-312',
|
|
287
|
+
pciDss: '3.4',
|
|
288
|
+
references: [
|
|
289
|
+
{
|
|
290
|
+
title: 'CWE-312: Cleartext Storage',
|
|
291
|
+
url: 'https://cwe.mitre.org/data/definitions/312.html',
|
|
292
|
+
},
|
|
293
|
+
],
|
|
294
|
+
},
|
|
295
|
+
'file-upload-no-validation': {
|
|
296
|
+
owasp: 'A01:2025 - Broken Access Control',
|
|
297
|
+
cwe: 'CWE-434',
|
|
298
|
+
pciDss: '6.5.8',
|
|
299
|
+
references: [
|
|
300
|
+
{
|
|
301
|
+
title: 'CWE-434: Unrestricted Upload',
|
|
302
|
+
url: 'https://cwe.mitre.org/data/definitions/434.html',
|
|
303
|
+
},
|
|
304
|
+
],
|
|
305
|
+
},
|
|
306
|
+
'unsafe-reflection': {
|
|
307
|
+
owasp: 'A03:2025 - Injection',
|
|
308
|
+
cwe: 'CWE-470',
|
|
309
|
+
pciDss: '6.5.1',
|
|
310
|
+
references: [
|
|
311
|
+
{
|
|
312
|
+
title: 'CWE-470: Unsafe Reflection',
|
|
313
|
+
url: 'https://cwe.mitre.org/data/definitions/470.html',
|
|
314
|
+
},
|
|
315
|
+
],
|
|
316
|
+
},
|
|
317
|
+
'console-log': {
|
|
318
|
+
owasp: 'A09:2025 - Security Logging and Monitoring Failures',
|
|
319
|
+
cwe: 'CWE-532',
|
|
320
|
+
references: [
|
|
321
|
+
{
|
|
322
|
+
title: 'CWE-532: Information Exposure Through Log Files',
|
|
323
|
+
url: 'https://cwe.mitre.org/data/definitions/532.html',
|
|
324
|
+
},
|
|
325
|
+
],
|
|
326
|
+
},
|
|
327
|
+
'print-statement': {
|
|
328
|
+
owasp: 'A09:2025 - Security Logging and Monitoring Failures',
|
|
329
|
+
cwe: 'CWE-532',
|
|
330
|
+
references: [
|
|
331
|
+
{
|
|
332
|
+
title: 'CWE-532: Information Exposure',
|
|
333
|
+
url: 'https://cwe.mitre.org/data/definitions/532.html',
|
|
334
|
+
},
|
|
335
|
+
],
|
|
336
|
+
},
|
|
337
|
+
'printstacktrace': {
|
|
338
|
+
owasp: 'A09:2025 - Security Logging and Monitoring Failures',
|
|
339
|
+
cwe: 'CWE-209',
|
|
340
|
+
references: [
|
|
341
|
+
{
|
|
342
|
+
title: 'CWE-209: Information Exposure',
|
|
343
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
344
|
+
},
|
|
345
|
+
],
|
|
346
|
+
},
|
|
347
|
+
'empty-except': {
|
|
348
|
+
owasp: 'A09:2025 - Security Logging and Monitoring Failures',
|
|
349
|
+
cwe: 'CWE-391',
|
|
350
|
+
references: [
|
|
351
|
+
{
|
|
352
|
+
title: 'CWE-391: Unchecked Error',
|
|
353
|
+
url: 'https://cwe.mitre.org/data/definitions/391.html',
|
|
354
|
+
},
|
|
355
|
+
],
|
|
356
|
+
},
|
|
357
|
+
'missing-error-handling': {
|
|
358
|
+
owasp: 'A09:2025 - Security Logging and Monitoring Failures',
|
|
359
|
+
cwe: 'CWE-391',
|
|
360
|
+
references: [
|
|
361
|
+
{
|
|
362
|
+
title: 'CWE-391: Unchecked Error',
|
|
363
|
+
url: 'https://cwe.mitre.org/data/definitions/391.html',
|
|
364
|
+
},
|
|
365
|
+
],
|
|
366
|
+
},
|
|
367
|
+
// DEC 16, 2025 (Phase 11): Code Quality Issues (Not Security Vulnerabilities)
|
|
368
|
+
'any-type-usage': {
|
|
369
|
+
owasp: 'N/A',
|
|
370
|
+
cwe: 'N/A',
|
|
371
|
+
references: [
|
|
372
|
+
{
|
|
373
|
+
title: 'TypeScript Handbook: Type Safety',
|
|
374
|
+
url: 'https://www.typescriptlang.org/docs/handbook/2/everyday-types.html#any',
|
|
375
|
+
},
|
|
376
|
+
],
|
|
377
|
+
},
|
|
378
|
+
// DEC 16, 2025: TypeScript Security Checks (Check #85, #86, #87)
|
|
379
|
+
'idor-no-authorization': {
|
|
380
|
+
owasp: 'A01:2025 - Broken Access Control',
|
|
381
|
+
cwe: 'CWE-639',
|
|
382
|
+
pciDss: '6.5.10',
|
|
383
|
+
references: [
|
|
384
|
+
{
|
|
385
|
+
title: 'OWASP Broken Access Control',
|
|
386
|
+
url: 'https://owasp.org/Top10/2025/-Broken_Access_Control/',
|
|
387
|
+
},
|
|
388
|
+
{
|
|
389
|
+
title: 'CWE-639: Authorization Bypass Through User-Controlled Key',
|
|
390
|
+
url: 'https://cwe.mitre.org/data/definitions/639.html',
|
|
391
|
+
},
|
|
392
|
+
],
|
|
393
|
+
},
|
|
394
|
+
'stack-trace-exposure': {
|
|
395
|
+
owasp: 'A05:2025 - Security Misconfiguration',
|
|
396
|
+
cwe: 'CWE-209',
|
|
397
|
+
pciDss: '6.5.5',
|
|
398
|
+
references: [
|
|
399
|
+
{
|
|
400
|
+
title: 'OWASP Security Misconfiguration',
|
|
401
|
+
url: 'https://owasp.org/Top10/2025/-Security_Misconfiguration/',
|
|
402
|
+
},
|
|
403
|
+
{
|
|
404
|
+
title: 'CWE-209: Information Exposure Through Error Message',
|
|
405
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
406
|
+
},
|
|
407
|
+
],
|
|
408
|
+
},
|
|
409
|
+
'direct-stack-exposure': {
|
|
410
|
+
owasp: 'A05:2025 - Security Misconfiguration',
|
|
411
|
+
cwe: 'CWE-209',
|
|
412
|
+
pciDss: '6.5.5',
|
|
413
|
+
references: [
|
|
414
|
+
{
|
|
415
|
+
title: 'OWASP Security Misconfiguration',
|
|
416
|
+
url: 'https://owasp.org/Top10/2025/-Security_Misconfiguration/',
|
|
417
|
+
},
|
|
418
|
+
{
|
|
419
|
+
title: 'CWE-209: Information Exposure Through Error Message',
|
|
420
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
421
|
+
},
|
|
422
|
+
],
|
|
423
|
+
},
|
|
424
|
+
'dynamic-require-env-var': {
|
|
425
|
+
owasp: 'A06:2025 - Vulnerable and Outdated Components',
|
|
426
|
+
cwe: 'CWE-94',
|
|
427
|
+
pciDss: '6.5.1',
|
|
428
|
+
references: [
|
|
429
|
+
{
|
|
430
|
+
title: 'OWASP Vulnerable and Outdated Components',
|
|
431
|
+
url: 'https://owasp.org/Top10/2025/-Vulnerable_and_Outdated_Components/',
|
|
432
|
+
},
|
|
433
|
+
{
|
|
434
|
+
title: 'CWE-94: Improper Control of Generation of Code',
|
|
435
|
+
url: 'https://cwe.mitre.org/data/definitions/94.html',
|
|
436
|
+
},
|
|
437
|
+
],
|
|
438
|
+
},
|
|
439
|
+
// DEC 16, 2025 (Phase 11): Authentication Failures (Checks #88, #89, #90, #91)
|
|
440
|
+
'plaintext-password-comparison': {
|
|
441
|
+
owasp: 'A07:2025 - Identification and Authentication Failures',
|
|
442
|
+
cwe: 'CWE-256',
|
|
443
|
+
pciDss: '8.2.1',
|
|
444
|
+
references: [
|
|
445
|
+
{
|
|
446
|
+
title: 'OWASP Authentication Failures',
|
|
447
|
+
url: 'https://owasp.org/Top10/2025/-Identification_and_Authentication_Failures/',
|
|
448
|
+
},
|
|
449
|
+
{
|
|
450
|
+
title: 'CWE-256: Plaintext Storage of a Password',
|
|
451
|
+
url: 'https://cwe.mitre.org/data/definitions/256.html',
|
|
452
|
+
},
|
|
453
|
+
],
|
|
454
|
+
},
|
|
455
|
+
'weak-token-generation': {
|
|
456
|
+
owasp: 'A07:2025 - Identification and Authentication Failures',
|
|
457
|
+
cwe: 'CWE-330',
|
|
458
|
+
pciDss: '8.2.1',
|
|
459
|
+
references: [
|
|
460
|
+
{
|
|
461
|
+
title: 'OWASP Authentication Failures',
|
|
462
|
+
url: 'https://owasp.org/Top10/2025/-Identification_and_Authentication_Failures/',
|
|
463
|
+
},
|
|
464
|
+
{
|
|
465
|
+
title: 'CWE-330: Use of Insufficiently Random Values',
|
|
466
|
+
url: 'https://cwe.mitre.org/data/definitions/330.html',
|
|
467
|
+
},
|
|
468
|
+
],
|
|
469
|
+
},
|
|
470
|
+
'master-password-backdoor': {
|
|
471
|
+
owasp: 'A07:2025 - Identification and Authentication Failures',
|
|
472
|
+
cwe: 'CWE-798',
|
|
473
|
+
pciDss: '8.2.1',
|
|
474
|
+
references: [
|
|
475
|
+
{
|
|
476
|
+
title: 'OWASP Authentication Failures',
|
|
477
|
+
url: 'https://owasp.org/Top10/2025/-Identification_and_Authentication_Failures/',
|
|
478
|
+
},
|
|
479
|
+
{
|
|
480
|
+
title: 'CWE-798: Use of Hard-coded Credentials',
|
|
481
|
+
url: 'https://cwe.mitre.org/data/definitions/798.html',
|
|
482
|
+
},
|
|
483
|
+
],
|
|
484
|
+
},
|
|
485
|
+
'fail-open-authorization': {
|
|
486
|
+
owasp: 'A01:2025 - Broken Access Control',
|
|
487
|
+
cwe: 'CWE-636',
|
|
488
|
+
pciDss: '6.5.10',
|
|
489
|
+
references: [
|
|
490
|
+
{
|
|
491
|
+
title: 'OWASP Broken Access Control',
|
|
492
|
+
url: 'https://owasp.org/Top10/2025/-Broken_Access_Control/',
|
|
493
|
+
},
|
|
494
|
+
{
|
|
495
|
+
title: 'CWE-636: Not Failing Securely',
|
|
496
|
+
url: 'https://cwe.mitre.org/data/definitions/636.html',
|
|
497
|
+
},
|
|
498
|
+
],
|
|
499
|
+
},
|
|
500
|
+
'fail-open-authentication': {
|
|
501
|
+
owasp: 'A01:2025 - Broken Access Control',
|
|
502
|
+
cwe: 'CWE-636',
|
|
503
|
+
pciDss: '6.5.10',
|
|
504
|
+
references: [
|
|
505
|
+
{
|
|
506
|
+
title: 'OWASP Broken Access Control',
|
|
507
|
+
url: 'https://owasp.org/Top10/2025/-Broken_Access_Control/',
|
|
508
|
+
},
|
|
509
|
+
{
|
|
510
|
+
title: 'CWE-636: Not Failing Securely',
|
|
511
|
+
url: 'https://cwe.mitre.org/data/definitions/636.html',
|
|
512
|
+
},
|
|
513
|
+
],
|
|
514
|
+
},
|
|
515
|
+
// DEC 23, 2025: OWASP 2025 Top 10 Mappings - A03:2025 Software Supply Chain Failures
|
|
516
|
+
'dynamic-import-no-integrity': {
|
|
517
|
+
owasp: 'A03:2025',
|
|
518
|
+
cwe: 'CWE-494',
|
|
519
|
+
pciDss: '6.2',
|
|
520
|
+
references: [
|
|
521
|
+
{
|
|
522
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
523
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
524
|
+
},
|
|
525
|
+
],
|
|
526
|
+
},
|
|
527
|
+
'runtime-dependency-loading': {
|
|
528
|
+
owasp: 'A03:2025',
|
|
529
|
+
cwe: 'CWE-494',
|
|
530
|
+
pciDss: '6.2',
|
|
531
|
+
references: [
|
|
532
|
+
{
|
|
533
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
534
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
535
|
+
},
|
|
536
|
+
],
|
|
537
|
+
},
|
|
538
|
+
'unrestricted-cdn-usage': {
|
|
539
|
+
owasp: 'A03:2025',
|
|
540
|
+
cwe: 'CWE-494',
|
|
541
|
+
pciDss: '6.2',
|
|
542
|
+
references: [
|
|
543
|
+
{
|
|
544
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
545
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
546
|
+
},
|
|
547
|
+
],
|
|
548
|
+
},
|
|
549
|
+
// DEC 23, 2025: OWASP 2025 Top 10 Mappings - A10:2025 Mishandling of Exceptional Conditions
|
|
550
|
+
'empty-catch-block': {
|
|
551
|
+
owasp: 'A10:2025',
|
|
552
|
+
cwe: 'CWE-391',
|
|
553
|
+
pciDss: '6.5.5',
|
|
554
|
+
references: [
|
|
555
|
+
{
|
|
556
|
+
title: 'CWE-391: Unchecked Error Condition',
|
|
557
|
+
url: 'https://cwe.mitre.org/data/definitions/391.html',
|
|
558
|
+
},
|
|
559
|
+
],
|
|
560
|
+
},
|
|
561
|
+
'ignored-exception': {
|
|
562
|
+
owasp: 'A10:2025',
|
|
563
|
+
cwe: 'CWE-391',
|
|
564
|
+
pciDss: '6.5.5',
|
|
565
|
+
references: [
|
|
566
|
+
{
|
|
567
|
+
title: 'CWE-391: Unchecked Error Condition',
|
|
568
|
+
url: 'https://cwe.mitre.org/data/definitions/391.html',
|
|
569
|
+
},
|
|
570
|
+
],
|
|
571
|
+
},
|
|
572
|
+
'error-object-exposure': {
|
|
573
|
+
owasp: 'A10:2025',
|
|
574
|
+
cwe: 'CWE-209',
|
|
575
|
+
pciDss: '6.5.5',
|
|
576
|
+
references: [
|
|
577
|
+
{
|
|
578
|
+
title: 'CWE-209: Information Exposure Through Error Message',
|
|
579
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
580
|
+
},
|
|
581
|
+
],
|
|
582
|
+
},
|
|
583
|
+
'missing-resource-cleanup': {
|
|
584
|
+
owasp: 'A10:2025',
|
|
585
|
+
cwe: 'CWE-404',
|
|
586
|
+
pciDss: '6.5.5',
|
|
587
|
+
references: [
|
|
588
|
+
{
|
|
589
|
+
title: 'CWE-404: Improper Resource Shutdown',
|
|
590
|
+
url: 'https://cwe.mitre.org/data/definitions/404.html',
|
|
591
|
+
},
|
|
592
|
+
],
|
|
593
|
+
},
|
|
594
|
+
'resource-leak-on-exception': {
|
|
595
|
+
owasp: 'A10:2025',
|
|
596
|
+
cwe: 'CWE-772',
|
|
597
|
+
pciDss: '6.5.5',
|
|
598
|
+
references: [
|
|
599
|
+
{
|
|
600
|
+
title: 'CWE-772: Missing Release of Resource',
|
|
601
|
+
url: 'https://cwe.mitre.org/data/definitions/772.html',
|
|
602
|
+
},
|
|
603
|
+
],
|
|
604
|
+
},
|
|
605
|
+
'python-exception-traceback': {
|
|
606
|
+
owasp: 'A10:2025',
|
|
607
|
+
cwe: 'CWE-209',
|
|
608
|
+
pciDss: '6.5.5',
|
|
609
|
+
references: [
|
|
610
|
+
{
|
|
611
|
+
title: 'CWE-209: Information Exposure Through Error Message',
|
|
612
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
613
|
+
},
|
|
614
|
+
],
|
|
615
|
+
},
|
|
616
|
+
// Python A10:2025 - Exception Handling (4 new mappings)
|
|
617
|
+
'bare-except-clause': {
|
|
618
|
+
owasp: 'A10:2025',
|
|
619
|
+
cwe: 'CWE-396',
|
|
620
|
+
pciDss: '6.5.5',
|
|
621
|
+
references: [
|
|
622
|
+
{
|
|
623
|
+
title: 'CWE-396: Declaration of Catch for Generic Exception',
|
|
624
|
+
url: 'https://cwe.mitre.org/data/definitions/396.html',
|
|
625
|
+
},
|
|
626
|
+
{
|
|
627
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
628
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
629
|
+
},
|
|
630
|
+
],
|
|
631
|
+
},
|
|
632
|
+
'exception-details-exposed': {
|
|
633
|
+
owasp: 'A10:2025',
|
|
634
|
+
cwe: 'CWE-209',
|
|
635
|
+
pciDss: '6.5.5',
|
|
636
|
+
references: [
|
|
637
|
+
{
|
|
638
|
+
title: 'CWE-209: Information Exposure Through Error Message',
|
|
639
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
640
|
+
},
|
|
641
|
+
{
|
|
642
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
643
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
644
|
+
},
|
|
645
|
+
],
|
|
646
|
+
},
|
|
647
|
+
'silent-exception-suppression': {
|
|
648
|
+
owasp: 'A10:2025',
|
|
649
|
+
cwe: 'CWE-391',
|
|
650
|
+
pciDss: '6.5.5',
|
|
651
|
+
references: [
|
|
652
|
+
{
|
|
653
|
+
title: 'CWE-391: Unchecked Error Condition',
|
|
654
|
+
url: 'https://cwe.mitre.org/data/definitions/391.html',
|
|
655
|
+
},
|
|
656
|
+
{
|
|
657
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
658
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
659
|
+
},
|
|
660
|
+
],
|
|
661
|
+
},
|
|
662
|
+
'incorrect-exception-pattern': {
|
|
663
|
+
owasp: 'A10:2025',
|
|
664
|
+
cwe: 'CWE-705',
|
|
665
|
+
pciDss: '6.5.5',
|
|
666
|
+
references: [
|
|
667
|
+
{
|
|
668
|
+
title: 'CWE-705: Incorrect Control Flow Scoping',
|
|
669
|
+
url: 'https://cwe.mitre.org/data/definitions/705.html',
|
|
670
|
+
},
|
|
671
|
+
{
|
|
672
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
673
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
674
|
+
},
|
|
675
|
+
],
|
|
676
|
+
},
|
|
677
|
+
// Java A10:2025 - Exception Handling (NEW - Phase 7B Day 6 - DEC 25, 2025)
|
|
678
|
+
'broad-exception-catching': {
|
|
679
|
+
owasp: 'A10:2025',
|
|
680
|
+
cwe: 'CWE-396',
|
|
681
|
+
pciDss: '6.5.5',
|
|
682
|
+
references: [
|
|
683
|
+
{
|
|
684
|
+
title: 'CWE-396: Declaration of Catch for Generic Exception',
|
|
685
|
+
url: 'https://cwe.mitre.org/data/definitions/396.html',
|
|
686
|
+
},
|
|
687
|
+
{
|
|
688
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
689
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
690
|
+
},
|
|
691
|
+
],
|
|
692
|
+
},
|
|
693
|
+
'improper-exception-propagation': {
|
|
694
|
+
owasp: 'A10:2025',
|
|
695
|
+
cwe: 'CWE-397',
|
|
696
|
+
pciDss: '6.5.5',
|
|
697
|
+
references: [
|
|
698
|
+
{
|
|
699
|
+
title: 'CWE-397: Declaration of Throws for Generic Exception',
|
|
700
|
+
url: 'https://cwe.mitre.org/data/definitions/397.html',
|
|
701
|
+
},
|
|
702
|
+
{
|
|
703
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
704
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
705
|
+
},
|
|
706
|
+
],
|
|
707
|
+
},
|
|
708
|
+
'resource-leak-exception': {
|
|
709
|
+
owasp: 'A10:2025',
|
|
710
|
+
cwe: 'CWE-404',
|
|
711
|
+
pciDss: '6.5.6',
|
|
712
|
+
references: [
|
|
713
|
+
{
|
|
714
|
+
title: 'CWE-404: Improper Resource Shutdown or Release',
|
|
715
|
+
url: 'https://cwe.mitre.org/data/definitions/404.html',
|
|
716
|
+
},
|
|
717
|
+
{
|
|
718
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
719
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
720
|
+
},
|
|
721
|
+
],
|
|
722
|
+
},
|
|
723
|
+
'printstacktrace-usage': {
|
|
724
|
+
owasp: 'A10:2025',
|
|
725
|
+
cwe: 'CWE-489',
|
|
726
|
+
pciDss: '6.5.5',
|
|
727
|
+
references: [
|
|
728
|
+
{
|
|
729
|
+
title: 'CWE-489: Active Debug Code',
|
|
730
|
+
url: 'https://cwe.mitre.org/data/definitions/489.html',
|
|
731
|
+
},
|
|
732
|
+
{
|
|
733
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
734
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
735
|
+
},
|
|
736
|
+
],
|
|
737
|
+
},
|
|
738
|
+
'swallowed-interrupted-exception': {
|
|
739
|
+
owasp: 'A10:2025',
|
|
740
|
+
cwe: 'CWE-391',
|
|
741
|
+
pciDss: '6.5.5',
|
|
742
|
+
references: [
|
|
743
|
+
{
|
|
744
|
+
title: 'CWE-391: Unchecked Error Condition',
|
|
745
|
+
url: 'https://cwe.mitre.org/data/definitions/391.html',
|
|
746
|
+
},
|
|
747
|
+
{
|
|
748
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
749
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
750
|
+
},
|
|
751
|
+
],
|
|
752
|
+
},
|
|
753
|
+
// DEC 25, 2025: Java A03:2025 - Supply Chain Security (Phase 7B Day 7)
|
|
754
|
+
'dynamic-class-loading': {
|
|
755
|
+
owasp: 'A03:2025',
|
|
756
|
+
cwe: 'CWE-470',
|
|
757
|
+
pciDss: '6.5.3',
|
|
758
|
+
references: [
|
|
759
|
+
{
|
|
760
|
+
title: 'CWE-470: Use of Externally-Controlled Input to Select Classes or Code',
|
|
761
|
+
url: 'https://cwe.mitre.org/data/definitions/470.html',
|
|
762
|
+
},
|
|
763
|
+
{
|
|
764
|
+
title: 'OWASP A03:2025 - Software and Supply Chain Security',
|
|
765
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
766
|
+
},
|
|
767
|
+
],
|
|
768
|
+
},
|
|
769
|
+
'insecure-maven-repository': {
|
|
770
|
+
owasp: 'A03:2025',
|
|
771
|
+
cwe: 'CWE-494',
|
|
772
|
+
pciDss: '6.5.3',
|
|
773
|
+
references: [
|
|
774
|
+
{
|
|
775
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
776
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
777
|
+
},
|
|
778
|
+
{
|
|
779
|
+
title: 'OWASP A03:2025 - Software and Supply Chain Security',
|
|
780
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
781
|
+
},
|
|
782
|
+
],
|
|
783
|
+
},
|
|
784
|
+
'package-typosquatting': {
|
|
785
|
+
owasp: 'A03:2025',
|
|
786
|
+
cwe: 'CWE-829',
|
|
787
|
+
pciDss: '6.5.3',
|
|
788
|
+
references: [
|
|
789
|
+
{
|
|
790
|
+
title: 'CWE-829: Inclusion of Functionality from Untrusted Control Sphere',
|
|
791
|
+
url: 'https://cwe.mitre.org/data/definitions/829.html',
|
|
792
|
+
},
|
|
793
|
+
{
|
|
794
|
+
title: 'OWASP A03:2025 - Software and Supply Chain Security',
|
|
795
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
796
|
+
},
|
|
797
|
+
],
|
|
798
|
+
},
|
|
799
|
+
'unsigned-jar-usage': {
|
|
800
|
+
owasp: 'A03:2025',
|
|
801
|
+
cwe: 'CWE-494',
|
|
802
|
+
pciDss: '6.5.3',
|
|
803
|
+
references: [
|
|
804
|
+
{
|
|
805
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
806
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
807
|
+
},
|
|
808
|
+
{
|
|
809
|
+
title: 'OWASP A03:2025 - Software and Supply Chain Security',
|
|
810
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
811
|
+
},
|
|
812
|
+
],
|
|
813
|
+
},
|
|
814
|
+
'dependency-confusion': {
|
|
815
|
+
owasp: 'A03:2025',
|
|
816
|
+
cwe: 'CWE-427',
|
|
817
|
+
pciDss: '6.5.3',
|
|
818
|
+
references: [
|
|
819
|
+
{
|
|
820
|
+
title: 'CWE-427: Uncontrolled Search Path Element',
|
|
821
|
+
url: 'https://cwe.mitre.org/data/definitions/427.html',
|
|
822
|
+
},
|
|
823
|
+
{
|
|
824
|
+
title: 'OWASP A03:2025 - Software and Supply Chain Security',
|
|
825
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
826
|
+
},
|
|
827
|
+
],
|
|
828
|
+
},
|
|
829
|
+
'runtime-bytecode-loading': {
|
|
830
|
+
owasp: 'A03:2025',
|
|
831
|
+
cwe: 'CWE-94',
|
|
832
|
+
pciDss: '6.5.3',
|
|
833
|
+
references: [
|
|
834
|
+
{
|
|
835
|
+
title: 'CWE-94: Improper Control of Generation of Code',
|
|
836
|
+
url: 'https://cwe.mitre.org/data/definitions/94.html',
|
|
837
|
+
},
|
|
838
|
+
{
|
|
839
|
+
title: 'OWASP A03:2025 - Software and Supply Chain Security',
|
|
840
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
841
|
+
},
|
|
842
|
+
],
|
|
843
|
+
},
|
|
844
|
+
// DEC 25, 2025: Java A01:2025 - Access Control (Phase 7B Day 8)
|
|
845
|
+
'missing-authorization': {
|
|
846
|
+
owasp: 'A01:2025',
|
|
847
|
+
cwe: 'CWE-862',
|
|
848
|
+
pciDss: '6.5.8',
|
|
849
|
+
references: [
|
|
850
|
+
{
|
|
851
|
+
title: 'CWE-862: Missing Authorization',
|
|
852
|
+
url: 'https://cwe.mitre.org/data/definitions/862.html',
|
|
853
|
+
},
|
|
854
|
+
{
|
|
855
|
+
title: 'OWASP A01:2025 - Broken Access Control',
|
|
856
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
857
|
+
},
|
|
858
|
+
],
|
|
859
|
+
},
|
|
860
|
+
'hardcoded-roles': {
|
|
861
|
+
owasp: 'A01:2025',
|
|
862
|
+
cwe: 'CWE-547',
|
|
863
|
+
pciDss: '6.5.8',
|
|
864
|
+
references: [
|
|
865
|
+
{
|
|
866
|
+
title: 'CWE-547: Use of Hard-coded, Security-relevant Constants',
|
|
867
|
+
url: 'https://cwe.mitre.org/data/definitions/547.html',
|
|
868
|
+
},
|
|
869
|
+
{
|
|
870
|
+
title: 'OWASP A01:2025 - Broken Access Control',
|
|
871
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
872
|
+
},
|
|
873
|
+
],
|
|
874
|
+
},
|
|
875
|
+
// DEC 25, 2025: JavaScript/TypeScript A01:2025 - Access Control (Phase 7B Day 11)
|
|
876
|
+
'missing-authentication-middleware': {
|
|
877
|
+
owasp: 'A01:2025',
|
|
878
|
+
cwe: 'CWE-306',
|
|
879
|
+
pciDss: '6.5.10',
|
|
880
|
+
references: [
|
|
881
|
+
{
|
|
882
|
+
title: 'CWE-306: Missing Authentication for Critical Function',
|
|
883
|
+
url: 'https://cwe.mitre.org/data/definitions/306.html',
|
|
884
|
+
},
|
|
885
|
+
{
|
|
886
|
+
title: 'OWASP A01:2025 - Broken Access Control',
|
|
887
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
888
|
+
},
|
|
889
|
+
],
|
|
890
|
+
},
|
|
891
|
+
'client-side-authorization': {
|
|
892
|
+
owasp: 'A01:2025',
|
|
893
|
+
cwe: 'CWE-602',
|
|
894
|
+
pciDss: '6.5.10',
|
|
895
|
+
references: [
|
|
896
|
+
{
|
|
897
|
+
title: 'CWE-602: Client-Side Enforcement of Server-Side Security',
|
|
898
|
+
url: 'https://cwe.mitre.org/data/definitions/602.html',
|
|
899
|
+
},
|
|
900
|
+
{
|
|
901
|
+
title: 'OWASP A01:2025 - Broken Access Control',
|
|
902
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
903
|
+
},
|
|
904
|
+
],
|
|
905
|
+
},
|
|
906
|
+
// DEC 25, 2025: JavaScript/TypeScript A07:2025 - Authentication Failures (Phase 7B Day 11)
|
|
907
|
+
'missing-mfa': {
|
|
908
|
+
owasp: 'A07:2025',
|
|
909
|
+
cwe: 'CWE-308',
|
|
910
|
+
pciDss: '8.3',
|
|
911
|
+
references: [
|
|
912
|
+
{
|
|
913
|
+
title: 'CWE-308: Use of Single-factor Authentication',
|
|
914
|
+
url: 'https://cwe.mitre.org/data/definitions/308.html',
|
|
915
|
+
},
|
|
916
|
+
{
|
|
917
|
+
title: 'OWASP A07:2025 - Identification and Authentication Failures',
|
|
918
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
919
|
+
},
|
|
920
|
+
],
|
|
921
|
+
},
|
|
922
|
+
'no-rate-limiting': {
|
|
923
|
+
owasp: 'A07:2025',
|
|
924
|
+
cwe: 'CWE-307',
|
|
925
|
+
pciDss: '6.5.10',
|
|
926
|
+
references: [
|
|
927
|
+
{
|
|
928
|
+
title: 'CWE-307: Improper Restriction of Excessive Authentication Attempts',
|
|
929
|
+
url: 'https://cwe.mitre.org/data/definitions/307.html',
|
|
930
|
+
},
|
|
931
|
+
{
|
|
932
|
+
title: 'OWASP A07:2025 - Identification and Authentication Failures',
|
|
933
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
934
|
+
},
|
|
935
|
+
],
|
|
936
|
+
},
|
|
937
|
+
// DEC 25, 2025: Java A04:2025 - Cryptographic Failures (Phase 7B Day 8)
|
|
938
|
+
'weak-cipher-rc4': {
|
|
939
|
+
owasp: 'A04:2025',
|
|
940
|
+
cwe: 'CWE-327',
|
|
941
|
+
pciDss: '6.5.3',
|
|
942
|
+
references: [
|
|
943
|
+
{
|
|
944
|
+
title: 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm',
|
|
945
|
+
url: 'https://cwe.mitre.org/data/definitions/327.html',
|
|
946
|
+
},
|
|
947
|
+
{
|
|
948
|
+
title: 'OWASP A04:2025 - Cryptographic Failures',
|
|
949
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
950
|
+
},
|
|
951
|
+
],
|
|
952
|
+
},
|
|
953
|
+
// DEC 25, 2025: Java A06:2025 - Insecure Design (Phase 7B Day 9)
|
|
954
|
+
'missing-input-validation': {
|
|
955
|
+
owasp: 'A06:2025',
|
|
956
|
+
cwe: 'CWE-20',
|
|
957
|
+
pciDss: '6.5.1',
|
|
958
|
+
references: [
|
|
959
|
+
{
|
|
960
|
+
title: 'CWE-20: Improper Input Validation',
|
|
961
|
+
url: 'https://cwe.mitre.org/data/definitions/20.html',
|
|
962
|
+
},
|
|
963
|
+
{
|
|
964
|
+
title: 'OWASP A06:2025 - Insecure Design',
|
|
965
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
966
|
+
},
|
|
967
|
+
],
|
|
968
|
+
},
|
|
969
|
+
'direct-database-query': {
|
|
970
|
+
owasp: 'A06:2025',
|
|
971
|
+
cwe: 'CWE-1021',
|
|
972
|
+
pciDss: '6.5.8',
|
|
973
|
+
references: [
|
|
974
|
+
{
|
|
975
|
+
title: 'CWE-1021: Improper Restriction of Rendered UI Layers or Frames',
|
|
976
|
+
url: 'https://cwe.mitre.org/data/definitions/1021.html',
|
|
977
|
+
},
|
|
978
|
+
{
|
|
979
|
+
title: 'OWASP A06:2025 - Insecure Design',
|
|
980
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
981
|
+
},
|
|
982
|
+
],
|
|
983
|
+
},
|
|
984
|
+
// DEC 25, 2025: Java A09:2025 - Logging Failures (Phase 7B Day 9)
|
|
985
|
+
'missing-security-logging': {
|
|
986
|
+
owasp: 'A09:2025',
|
|
987
|
+
cwe: 'CWE-778',
|
|
988
|
+
pciDss: '10.2',
|
|
989
|
+
references: [
|
|
990
|
+
{
|
|
991
|
+
title: 'CWE-778: Insufficient Logging',
|
|
992
|
+
url: 'https://cwe.mitre.org/data/definitions/778.html',
|
|
993
|
+
},
|
|
994
|
+
{
|
|
995
|
+
title: 'OWASP A09:2025 - Security Logging and Monitoring Failures',
|
|
996
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
997
|
+
},
|
|
998
|
+
],
|
|
999
|
+
},
|
|
1000
|
+
'system-out-println': {
|
|
1001
|
+
owasp: 'A09:2025',
|
|
1002
|
+
cwe: 'CWE-778',
|
|
1003
|
+
pciDss: '10.2',
|
|
1004
|
+
references: [
|
|
1005
|
+
{
|
|
1006
|
+
title: 'CWE-778: Insufficient Logging',
|
|
1007
|
+
url: 'https://cwe.mitre.org/data/definitions/778.html',
|
|
1008
|
+
},
|
|
1009
|
+
{
|
|
1010
|
+
title: 'OWASP A09:2025 - Security Logging and Monitoring Failures',
|
|
1011
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1012
|
+
},
|
|
1013
|
+
],
|
|
1014
|
+
},
|
|
1015
|
+
// DEC 25, 2025: TypeScript A10:2025 - Exception Handling (Phase 7B Day 9)
|
|
1016
|
+
'async-without-try-catch': {
|
|
1017
|
+
owasp: 'A10:2025',
|
|
1018
|
+
cwe: 'CWE-755',
|
|
1019
|
+
pciDss: '6.5.5',
|
|
1020
|
+
references: [
|
|
1021
|
+
{
|
|
1022
|
+
title: 'CWE-755: Improper Handling of Exceptional Conditions',
|
|
1023
|
+
url: 'https://cwe.mitre.org/data/definitions/755.html',
|
|
1024
|
+
},
|
|
1025
|
+
{
|
|
1026
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
1027
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1028
|
+
},
|
|
1029
|
+
],
|
|
1030
|
+
},
|
|
1031
|
+
'unhandled-promise-rejection': {
|
|
1032
|
+
owasp: 'A10:2025',
|
|
1033
|
+
cwe: 'CWE-755',
|
|
1034
|
+
pciDss: '6.5.5',
|
|
1035
|
+
references: [
|
|
1036
|
+
{
|
|
1037
|
+
title: 'CWE-755: Improper Handling of Exceptional Conditions',
|
|
1038
|
+
url: 'https://cwe.mitre.org/data/definitions/755.html',
|
|
1039
|
+
},
|
|
1040
|
+
{
|
|
1041
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
1042
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1043
|
+
},
|
|
1044
|
+
],
|
|
1045
|
+
},
|
|
1046
|
+
'error-details-exposed': {
|
|
1047
|
+
owasp: 'A10:2025',
|
|
1048
|
+
cwe: 'CWE-209',
|
|
1049
|
+
pciDss: '6.5.5',
|
|
1050
|
+
references: [
|
|
1051
|
+
{
|
|
1052
|
+
title: 'CWE-209: Generation of Error Message Containing Sensitive Information',
|
|
1053
|
+
url: 'https://cwe.mitre.org/data/definitions/209.html',
|
|
1054
|
+
},
|
|
1055
|
+
{
|
|
1056
|
+
title: 'OWASP A10:2025 - Mishandling of Exceptional Conditions',
|
|
1057
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1058
|
+
},
|
|
1059
|
+
],
|
|
1060
|
+
},
|
|
1061
|
+
// Python A03:2025 - Supply Chain Failures (5 new mappings)
|
|
1062
|
+
'dynamic-import-no-validation': {
|
|
1063
|
+
owasp: 'A03:2025',
|
|
1064
|
+
cwe: 'CWE-494',
|
|
1065
|
+
pciDss: '6.5.3',
|
|
1066
|
+
references: [
|
|
1067
|
+
{
|
|
1068
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
1069
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
1070
|
+
},
|
|
1071
|
+
{
|
|
1072
|
+
title: 'OWASP A03:2025 - Software Supply Chain Failures',
|
|
1073
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1074
|
+
},
|
|
1075
|
+
],
|
|
1076
|
+
},
|
|
1077
|
+
'runtime-package-installation': {
|
|
1078
|
+
owasp: 'A03:2025',
|
|
1079
|
+
cwe: 'CWE-494',
|
|
1080
|
+
pciDss: '6.5.3',
|
|
1081
|
+
references: [
|
|
1082
|
+
{
|
|
1083
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
1084
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
1085
|
+
},
|
|
1086
|
+
{
|
|
1087
|
+
title: 'OWASP A03:2025 - Software Supply Chain Failures',
|
|
1088
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1089
|
+
},
|
|
1090
|
+
],
|
|
1091
|
+
},
|
|
1092
|
+
'suspicious-package-pattern': {
|
|
1093
|
+
owasp: 'A03:2025',
|
|
1094
|
+
cwe: 'CWE-1357',
|
|
1095
|
+
pciDss: '6.5.3',
|
|
1096
|
+
references: [
|
|
1097
|
+
{
|
|
1098
|
+
title: 'CWE-1357: Reliance on Insufficiently Trustworthy Component',
|
|
1099
|
+
url: 'https://cwe.mitre.org/data/definitions/1357.html',
|
|
1100
|
+
},
|
|
1101
|
+
{
|
|
1102
|
+
title: 'OWASP A03:2025 - Software Supply Chain Failures',
|
|
1103
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1104
|
+
},
|
|
1105
|
+
],
|
|
1106
|
+
},
|
|
1107
|
+
'untrusted-package-source': {
|
|
1108
|
+
owasp: 'A03:2025',
|
|
1109
|
+
cwe: 'CWE-494',
|
|
1110
|
+
pciDss: '6.5.3',
|
|
1111
|
+
references: [
|
|
1112
|
+
{
|
|
1113
|
+
title: 'CWE-494: Download of Code Without Integrity Check',
|
|
1114
|
+
url: 'https://cwe.mitre.org/data/definitions/494.html',
|
|
1115
|
+
},
|
|
1116
|
+
{
|
|
1117
|
+
title: 'OWASP A03:2025 - Software Supply Chain Failures',
|
|
1118
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1119
|
+
},
|
|
1120
|
+
],
|
|
1121
|
+
},
|
|
1122
|
+
'package-typosquatting-pattern': {
|
|
1123
|
+
owasp: 'A03:2025',
|
|
1124
|
+
cwe: 'CWE-1357',
|
|
1125
|
+
pciDss: '6.5.3',
|
|
1126
|
+
references: [
|
|
1127
|
+
{
|
|
1128
|
+
title: 'CWE-1357: Reliance on Insufficiently Trustworthy Component',
|
|
1129
|
+
url: 'https://cwe.mitre.org/data/definitions/1357.html',
|
|
1130
|
+
},
|
|
1131
|
+
{
|
|
1132
|
+
title: 'OWASP A03:2025 - Software Supply Chain Failures',
|
|
1133
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1134
|
+
},
|
|
1135
|
+
],
|
|
1136
|
+
},
|
|
1137
|
+
// Python A01:2025 - Broken Access Control (DEC 24, 2025)
|
|
1138
|
+
'missing-authentication-decorator': {
|
|
1139
|
+
owasp: 'A01:2025',
|
|
1140
|
+
cwe: 'CWE-306',
|
|
1141
|
+
pciDss: '6.5.10',
|
|
1142
|
+
references: [
|
|
1143
|
+
{
|
|
1144
|
+
title: 'CWE-306: Missing Authentication for Critical Function',
|
|
1145
|
+
url: 'https://cwe.mitre.org/data/definitions/306.html',
|
|
1146
|
+
},
|
|
1147
|
+
{
|
|
1148
|
+
title: 'OWASP A01:2025 - Broken Access Control',
|
|
1149
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1150
|
+
},
|
|
1151
|
+
],
|
|
1152
|
+
},
|
|
1153
|
+
'insecure-direct-object-reference': {
|
|
1154
|
+
owasp: 'A01:2025',
|
|
1155
|
+
cwe: 'CWE-639',
|
|
1156
|
+
pciDss: '6.5.10',
|
|
1157
|
+
references: [
|
|
1158
|
+
{
|
|
1159
|
+
title: 'CWE-639: Authorization Bypass Through User-Controlled Key',
|
|
1160
|
+
url: 'https://cwe.mitre.org/data/definitions/639.html',
|
|
1161
|
+
},
|
|
1162
|
+
{
|
|
1163
|
+
title: 'OWASP A01:2025 - Broken Access Control',
|
|
1164
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1165
|
+
},
|
|
1166
|
+
],
|
|
1167
|
+
},
|
|
1168
|
+
// Python A04:2025 - Cryptographic Failures (DEC 24, 2025)
|
|
1169
|
+
'weak-crypto-algorithm': {
|
|
1170
|
+
owasp: 'A04:2025',
|
|
1171
|
+
cwe: 'CWE-327',
|
|
1172
|
+
pciDss: '6.5.3',
|
|
1173
|
+
references: [
|
|
1174
|
+
{
|
|
1175
|
+
title: 'CWE-327: Use of a Broken or Risky Cryptographic Algorithm',
|
|
1176
|
+
url: 'https://cwe.mitre.org/data/definitions/327.html',
|
|
1177
|
+
},
|
|
1178
|
+
{
|
|
1179
|
+
title: 'OWASP A04:2025 - Cryptographic Failures',
|
|
1180
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1181
|
+
},
|
|
1182
|
+
],
|
|
1183
|
+
},
|
|
1184
|
+
'insecure-random': {
|
|
1185
|
+
owasp: 'A04:2025',
|
|
1186
|
+
cwe: 'CWE-338',
|
|
1187
|
+
pciDss: '6.5.3',
|
|
1188
|
+
references: [
|
|
1189
|
+
{
|
|
1190
|
+
title: 'CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator',
|
|
1191
|
+
url: 'https://cwe.mitre.org/data/definitions/338.html',
|
|
1192
|
+
},
|
|
1193
|
+
{
|
|
1194
|
+
title: 'OWASP A04:2025 - Cryptographic Failures',
|
|
1195
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1196
|
+
},
|
|
1197
|
+
],
|
|
1198
|
+
},
|
|
1199
|
+
// Python A06:2025 - Insecure Design (DEC 24, 2025)
|
|
1200
|
+
'missing-rate-limiting': {
|
|
1201
|
+
owasp: 'A06:2025',
|
|
1202
|
+
cwe: 'CWE-307',
|
|
1203
|
+
pciDss: '6.5.10',
|
|
1204
|
+
references: [
|
|
1205
|
+
{
|
|
1206
|
+
title: 'CWE-307: Improper Restriction of Excessive Authentication Attempts',
|
|
1207
|
+
url: 'https://cwe.mitre.org/data/definitions/307.html',
|
|
1208
|
+
},
|
|
1209
|
+
{
|
|
1210
|
+
title: 'OWASP A06:2025 - Insecure Design',
|
|
1211
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1212
|
+
},
|
|
1213
|
+
],
|
|
1214
|
+
},
|
|
1215
|
+
'mass-assignment': {
|
|
1216
|
+
owasp: 'A06:2025',
|
|
1217
|
+
cwe: 'CWE-915',
|
|
1218
|
+
pciDss: '6.5.10',
|
|
1219
|
+
references: [
|
|
1220
|
+
{
|
|
1221
|
+
title: 'CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes',
|
|
1222
|
+
url: 'https://cwe.mitre.org/data/definitions/915.html',
|
|
1223
|
+
},
|
|
1224
|
+
{
|
|
1225
|
+
title: 'OWASP A06:2025 - Insecure Design',
|
|
1226
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1227
|
+
},
|
|
1228
|
+
],
|
|
1229
|
+
},
|
|
1230
|
+
// Python A09:2025 - Logging Failures (DEC 24, 2025)
|
|
1231
|
+
'sensitive-data-logging': {
|
|
1232
|
+
owasp: 'A09:2025',
|
|
1233
|
+
cwe: 'CWE-532',
|
|
1234
|
+
pciDss: '10.3.1',
|
|
1235
|
+
references: [
|
|
1236
|
+
{
|
|
1237
|
+
title: 'CWE-532: Insertion of Sensitive Information into Log File',
|
|
1238
|
+
url: 'https://cwe.mitre.org/data/definitions/532.html',
|
|
1239
|
+
},
|
|
1240
|
+
{
|
|
1241
|
+
title: 'OWASP A09:2025 - Security Logging and Monitoring Failures',
|
|
1242
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1243
|
+
},
|
|
1244
|
+
],
|
|
1245
|
+
},
|
|
1246
|
+
// Python A08:2025 - Software and Data Integrity Failures (DEC 24, 2025)
|
|
1247
|
+
'insecure-deserialization': {
|
|
1248
|
+
owasp: 'A08:2025',
|
|
1249
|
+
cwe: 'CWE-502',
|
|
1250
|
+
pciDss: '6.5.8',
|
|
1251
|
+
references: [
|
|
1252
|
+
{
|
|
1253
|
+
title: 'CWE-502: Deserialization of Untrusted Data',
|
|
1254
|
+
url: 'https://cwe.mitre.org/data/definitions/502.html',
|
|
1255
|
+
},
|
|
1256
|
+
{
|
|
1257
|
+
title: 'OWASP A08:2025 - Software and Data Integrity Failures',
|
|
1258
|
+
url: 'https://owasp.org/Top10/2025/',
|
|
1259
|
+
},
|
|
1260
|
+
],
|
|
1261
|
+
},
|
|
1262
|
+
// AI-Generated Code Detection (Phase 1.5 Week 5-7)
|
|
1263
|
+
'ai-generated-code-high': {
|
|
1264
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
1265
|
+
cwe: 'CWE-1120, CWE-758',
|
|
1266
|
+
pciDss: '6.5',
|
|
1267
|
+
references: [
|
|
1268
|
+
{
|
|
1269
|
+
title: 'OWASP Insecure Design',
|
|
1270
|
+
url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/',
|
|
1271
|
+
},
|
|
1272
|
+
{
|
|
1273
|
+
title: 'CWE-1120: Excessive Code Complexity',
|
|
1274
|
+
url: 'https://cwe.mitre.org/data/definitions/1120.html',
|
|
1275
|
+
},
|
|
1276
|
+
{
|
|
1277
|
+
title: 'CWE-758: Reliance on Undefined Behavior',
|
|
1278
|
+
url: 'https://cwe.mitre.org/data/definitions/758.html',
|
|
1279
|
+
},
|
|
1280
|
+
],
|
|
1281
|
+
},
|
|
1282
|
+
'ai-generated-code-medium': {
|
|
1283
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
1284
|
+
cwe: 'CWE-1120, CWE-758',
|
|
1285
|
+
pciDss: '6.5',
|
|
1286
|
+
references: [
|
|
1287
|
+
{
|
|
1288
|
+
title: 'OWASP Insecure Design',
|
|
1289
|
+
url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/',
|
|
1290
|
+
},
|
|
1291
|
+
{
|
|
1292
|
+
title: 'CWE-1120: Excessive Code Complexity',
|
|
1293
|
+
url: 'https://cwe.mitre.org/data/definitions/1120.html',
|
|
1294
|
+
},
|
|
1295
|
+
{
|
|
1296
|
+
title: 'CWE-758: Reliance on Undefined Behavior',
|
|
1297
|
+
url: 'https://cwe.mitre.org/data/definitions/758.html',
|
|
1298
|
+
},
|
|
1299
|
+
],
|
|
1300
|
+
},
|
|
1301
|
+
'ai-generated-code-low': {
|
|
1302
|
+
owasp: 'A04:2025 - Insecure Design',
|
|
1303
|
+
cwe: 'CWE-1120',
|
|
1304
|
+
pciDss: '6.5',
|
|
1305
|
+
references: [
|
|
1306
|
+
{
|
|
1307
|
+
title: 'OWASP Insecure Design',
|
|
1308
|
+
url: 'https://owasp.org/Top10/A04_2021-Insecure_Design/',
|
|
1309
|
+
},
|
|
1310
|
+
{
|
|
1311
|
+
title: 'CWE-1120: Excessive Code Complexity',
|
|
1312
|
+
url: 'https://cwe.mitre.org/data/definitions/1120.html',
|
|
1313
|
+
},
|
|
1314
|
+
],
|
|
1315
|
+
},
|
|
1316
|
+
};
|
|
1317
|
+
// Default mapping if not found
|
|
1318
|
+
return mappings[vulnerabilityType] || {
|
|
1319
|
+
owasp: 'N/A',
|
|
1320
|
+
cwe: 'N/A',
|
|
1321
|
+
references: [],
|
|
1322
|
+
};
|
|
1323
|
+
}
|
|
1324
|
+
/**
|
|
1325
|
+
* Get all OWASP Top 10 2021 & 2025 categories covered
|
|
1326
|
+
*/
|
|
1327
|
+
function getOwaspCoverage() {
|
|
1328
|
+
return [
|
|
1329
|
+
// OWASP Top 10 2021
|
|
1330
|
+
{ category: 'A01:2025 - Broken Access Control', count: 3 },
|
|
1331
|
+
{ category: 'A02:2025 - Cryptographic Failures', count: 5 },
|
|
1332
|
+
{ category: 'A03:2025 - Injection', count: 10 },
|
|
1333
|
+
{ category: 'A05:2025 - Security Misconfiguration', count: 1 },
|
|
1334
|
+
{ category: 'A07:2025 - Identification and Authentication Failures', count: 1 },
|
|
1335
|
+
{ category: 'A08:2025 - Software and Data Integrity Failures', count: 4 },
|
|
1336
|
+
{ category: 'A09:2025 - Security Logging and Monitoring Failures', count: 6 },
|
|
1337
|
+
// OWASP Top 10 2025 (NEW)
|
|
1338
|
+
{ category: 'A03:2025 - Software Supply Chain Failures', count: 5 },
|
|
1339
|
+
{ category: 'A10:2025 - Mishandling of Exceptional Conditions', count: 7 },
|
|
1340
|
+
];
|
|
1341
|
+
}
|
|
1342
|
+
//# sourceMappingURL=compliance-mapping.js.map
|