dd-trace 4.11.1 → 4.16.0

Files changed (78)
  1. package/LICENSE-3rdparty.csv +1 -0
  2. package/README.md +4 -9
  3. package/ext/tags.d.ts +1 -0
  4. package/ext/tags.js +1 -0
  5. package/index.d.ts +44 -0
  6. package/package.json +9 -6
  7. package/packages/datadog-esbuild/index.js +57 -32
  8. package/packages/datadog-instrumentations/src/body-parser.js +2 -2
  9. package/packages/datadog-instrumentations/src/cookie-parser.js +37 -0
  10. package/packages/datadog-instrumentations/src/cucumber.js +30 -11
  11. package/packages/datadog-instrumentations/src/express.js +1 -1
  12. package/packages/datadog-instrumentations/src/graphql.js +10 -4
  13. package/packages/datadog-instrumentations/src/helpers/hooks.js +3 -0
  14. package/packages/datadog-instrumentations/src/http/server.js +1 -1
  15. package/packages/datadog-instrumentations/src/jest.js +22 -11
  16. package/packages/datadog-instrumentations/src/kafkajs.js +3 -4
  17. package/packages/datadog-instrumentations/src/mocha.js +33 -8
  18. package/packages/datadog-instrumentations/src/mysql.js +39 -1
  19. package/packages/datadog-instrumentations/src/next.js +47 -19
  20. package/packages/datadog-instrumentations/src/openai.js +1 -1
  21. package/packages/datadog-instrumentations/src/pg.js +60 -15
  22. package/packages/datadog-instrumentations/src/playwright.js +15 -3
  23. package/packages/datadog-plugin-cucumber/src/index.js +14 -2
  24. package/packages/datadog-plugin-cypress/src/plugin.js +49 -13
  25. package/packages/datadog-plugin-graphql/src/index.js +3 -3
  26. package/packages/datadog-plugin-graphql/src/resolve.js +27 -2
  27. package/packages/datadog-plugin-jest/src/index.js +10 -2
  28. package/packages/datadog-plugin-jest/src/util.js +10 -4
  29. package/packages/datadog-plugin-mocha/src/index.js +14 -2
  30. package/packages/datadog-plugin-mongodb-core/src/index.js +6 -2
  31. package/packages/datadog-plugin-mysql/src/index.js +2 -2
  32. package/packages/datadog-plugin-next/src/index.js +22 -5
  33. package/packages/datadog-plugin-pg/src/index.js +2 -2
  34. package/packages/dd-trace/src/appsec/addresses.js +1 -0
  35. package/packages/dd-trace/src/appsec/channels.js +2 -0
  36. package/packages/dd-trace/src/appsec/iast/analyzers/ldap-injection-analyzer.js +7 -0
  37. package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js +29 -18
  38. package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js +19 -1
  39. package/packages/dd-trace/src/appsec/iast/path-line.js +1 -0
  40. package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js +1 -1
  41. package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js +48 -5
  42. package/packages/dd-trace/src/appsec/iast/telemetry/index.js +14 -5
  43. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js +131 -10
  44. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js +0 -1
  45. package/packages/dd-trace/src/appsec/index.js +42 -7
  46. package/packages/dd-trace/src/appsec/recommended.json +655 -31
  47. package/packages/dd-trace/src/appsec/remote_config/capabilities.js +2 -1
  48. package/packages/dd-trace/src/appsec/remote_config/index.js +2 -0
  49. package/packages/dd-trace/src/appsec/reporter.js +26 -0
  50. package/packages/dd-trace/src/appsec/telemetry.js +132 -0
  51. package/packages/dd-trace/src/appsec/waf/index.js +1 -1
  52. package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js +13 -5
  53. package/packages/dd-trace/src/appsec/waf/waf_manager.js +12 -14
  54. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-itr-configuration.js +1 -14
  55. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +1 -13
  56. package/packages/dd-trace/src/datastreams/processor.js +6 -2
  57. package/packages/dd-trace/src/dogstatsd.js +108 -8
  58. package/packages/dd-trace/src/exporters/agent/writer.js +9 -9
  59. package/packages/dd-trace/src/exporters/common/request.js +13 -4
  60. package/packages/dd-trace/src/format.js +6 -1
  61. package/packages/dd-trace/src/opentracing/propagation/text_map.js +2 -2
  62. package/packages/dd-trace/src/opentracing/span.js +13 -13
  63. package/packages/dd-trace/src/opentracing/tracer.js +3 -5
  64. package/packages/dd-trace/src/plugin_manager.js +1 -2
  65. package/packages/dd-trace/src/plugins/ci_plugin.js +22 -1
  66. package/packages/dd-trace/src/plugins/database.js +14 -4
  67. package/packages/dd-trace/src/plugins/index.js +1 -0
  68. package/packages/dd-trace/src/plugins/outbound.js +4 -3
  69. package/packages/dd-trace/src/plugins/tracing.js +1 -1
  70. package/packages/dd-trace/src/plugins/util/test.js +20 -3
  71. package/packages/dd-trace/src/profiling/config.js +3 -1
  72. package/packages/dd-trace/src/profiling/profilers/wall.js +31 -7
  73. package/packages/dd-trace/src/proxy.js +13 -2
  74. package/packages/dd-trace/src/ritm.js +10 -2
  75. package/packages/dd-trace/src/{metrics.js → runtime_metrics.js} +1 -32
  76. package/packages/dd-trace/src/telemetry/dependencies.js +15 -0
  77. package/packages/dd-trace/src/telemetry/index.js +21 -2
  78. package/packages/dd-trace/src/util.js +1 -1
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.7.1"
4
+ "rules_version": "1.8.0"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -62,6 +62,8 @@
62
62
  "crs_id": "913110",
63
63
  "category": "attack_attempt",
64
64
  "tool_name": "Acunetix",
65
+ "cwe": "200",
66
+ "capec": "1000/118/169",
65
67
  "confidence": "0"
66
68
  },
67
69
  "conditions": [
@@ -94,6 +96,8 @@
94
96
  "type": "security_scanner",
95
97
  "crs_id": "913120",
96
98
  "category": "attack_attempt",
99
+ "cwe": "200",
100
+ "capec": "1000/118/169",
97
101
  "confidence": "1"
98
102
  },
99
103
  "conditions": [
@@ -108,6 +112,12 @@
108
112
  },
109
113
  {
110
114
  "address": "server.request.path_params"
115
+ },
116
+ {
117
+ "address": "grpc.server.request.message"
118
+ },
119
+ {
120
+ "address": "graphql.server.all_resolvers"
111
121
  }
112
122
  ],
113
123
  "list": [
@@ -144,6 +154,8 @@
144
154
  "type": "http_protocol_violation",
145
155
  "crs_id": "920260",
146
156
  "category": "attack_attempt",
157
+ "cwe": "176",
158
+ "capec": "1000/255/153/267/71",
147
159
  "confidence": "0"
148
160
  },
149
161
  "conditions": [
@@ -171,7 +183,9 @@
171
183
  "tags": {
172
184
  "type": "http_protocol_violation",
173
185
  "crs_id": "921110",
174
- "category": "attack_attempt"
186
+ "category": "attack_attempt",
187
+ "cwe": "444",
188
+ "capec": "1000/210/272/220/33"
175
189
  },
176
190
  "conditions": [
177
191
  {
@@ -206,7 +220,9 @@
206
220
  "tags": {
207
221
  "type": "http_protocol_violation",
208
222
  "crs_id": "921160",
209
- "category": "attack_attempt"
223
+ "category": "attack_attempt",
224
+ "cwe": "113",
225
+ "capec": "1000/210/272/220/105"
210
226
  },
211
227
  "conditions": [
212
228
  {
@@ -239,6 +255,8 @@
239
255
  "type": "lfi",
240
256
  "crs_id": "930100",
241
257
  "category": "attack_attempt",
258
+ "cwe": "22",
259
+ "capec": "1000/255/153/126",
242
260
  "confidence": "1"
243
261
  },
244
262
  "conditions": [
@@ -271,6 +289,8 @@
271
289
  "type": "lfi",
272
290
  "crs_id": "930110",
273
291
  "category": "attack_attempt",
292
+ "cwe": "22",
293
+ "capec": "1000/255/153/126",
274
294
  "confidence": "1"
275
295
  },
276
296
  "conditions": [
@@ -304,6 +324,8 @@
304
324
  "type": "lfi",
305
325
  "crs_id": "930120",
306
326
  "category": "attack_attempt",
327
+ "cwe": "22",
328
+ "capec": "1000/255/153/126",
307
329
  "confidence": "1"
308
330
  },
309
331
  "conditions": [
@@ -321,6 +343,9 @@
321
343
  },
322
344
  {
323
345
  "address": "grpc.server.request.message"
346
+ },
347
+ {
348
+ "address": "graphql.server.all_resolvers"
324
349
  }
325
350
  ],
326
351
  "list": [
@@ -1743,7 +1768,10 @@
1743
1768
  "sys/hypervisor",
1744
1769
  "sys/kernel",
1745
1770
  "sys/module",
1746
- "sys/power"
1771
+ "sys/power",
1772
+ "windows\\win.ini",
1773
+ "default\\ntuser.dat",
1774
+ "/var/run/secrets/kubernetes.io/serviceaccount"
1747
1775
  ]
1748
1776
  },
1749
1777
  "operator": "phrase_match"
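Review bot: The three entries added to this `phrase_match` list are spelled differently from their neighbours: `windows\\win.ini` and `default\\ntuser.dat` contain only the backslash separator, and `/var/run/secrets/kubernetes.io/serviceaccount` carries a leading slash where `sys/power` and the other visible entries are relative fragments. Whether a forward-slash spelling of the two Windows paths still matches depends on the transformers attached to this condition, which sit outside the hunk, so each separator deserves a test sample. If no path-normalising transformer is applied and the list does not already cover them, I would add `"windows/win.ini",` and `"default/ntuser.dat",` next to the new entries. The list and the rule it belongs to begin before this hunk.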
@@ -1761,6 +1789,8 @@
1761
1789
  "type": "rfi",
1762
1790
  "crs_id": "931110",
1763
1791
  "category": "attack_attempt",
1792
+ "cwe": "98",
1793
+ "capec": "1000/152/175/253/193",
1764
1794
  "confidence": "1"
1765
1795
  },
1766
1796
  "conditions": [
@@ -1787,7 +1817,9 @@
1787
1817
  "tags": {
1788
1818
  "type": "rfi",
1789
1819
  "crs_id": "931120",
1790
- "category": "attack_attempt"
1820
+ "category": "attack_attempt",
1821
+ "cwe": "98",
1822
+ "capec": "1000/152/175/253/193"
1791
1823
  },
1792
1824
  "conditions": [
1793
1825
  {
@@ -1801,6 +1833,12 @@
1801
1833
  },
1802
1834
  {
1803
1835
  "address": "server.request.path_params"
1836
+ },
1837
+ {
1838
+ "address": "grpc.server.request.message"
1839
+ },
1840
+ {
1841
+ "address": "graphql.server.all_resolvers"
1804
1842
  }
1805
1843
  ],
1806
1844
  "regex": "^(?i:file|ftps?)://.*?\\?+$",
@@ -1821,6 +1859,8 @@
1821
1859
  "type": "command_injection",
1822
1860
  "crs_id": "932160",
1823
1861
  "category": "attack_attempt",
1862
+ "cwe": "77",
1863
+ "capec": "1000/152/248/88",
1824
1864
  "confidence": "1"
1825
1865
  },
1826
1866
  "conditions": [
@@ -1838,6 +1878,9 @@
1838
1878
  },
1839
1879
  {
1840
1880
  "address": "grpc.server.request.message"
1881
+ },
1882
+ {
1883
+ "address": "graphql.server.all_resolvers"
1841
1884
  }
1842
1885
  ],
1843
1886
  "list": [
@@ -2312,7 +2355,8 @@
2312
2355
  }
2313
2356
  ],
2314
2357
  "transformers": [
2315
- "lowercase"
2358
+ "lowercase",
2359
+ "cmdLine"
2316
2360
  ]
2317
2361
  },
2318
2362
  {
@@ -2322,6 +2366,8 @@
2322
2366
  "type": "command_injection",
2323
2367
  "crs_id": "932171",
2324
2368
  "category": "attack_attempt",
2369
+ "cwe": "77",
2370
+ "capec": "1000/152/248/88",
2325
2371
  "confidence": "1"
2326
2372
  },
2327
2373
  "conditions": [
@@ -2342,6 +2388,9 @@
2342
2388
  },
2343
2389
  {
2344
2390
  "address": "grpc.server.request.message"
2391
+ },
2392
+ {
2393
+ "address": "graphql.server.all_resolvers"
2345
2394
  }
2346
2395
  ],
2347
2396
  "regex": "^\\(\\s*\\)\\s+{",
@@ -2362,6 +2411,8 @@
2362
2411
  "type": "command_injection",
2363
2412
  "crs_id": "932180",
2364
2413
  "category": "attack_attempt",
2414
+ "cwe": "706",
2415
+ "capec": "1000/225/122/17/177",
2365
2416
  "confidence": "1"
2366
2417
  },
2367
2418
  "conditions": [
@@ -2421,6 +2472,8 @@
2421
2472
  "type": "unrestricted_file_upload",
2422
2473
  "crs_id": "933111",
2423
2474
  "category": "attack_attempt",
2475
+ "cwe": "434",
2476
+ "capec": "1000/225/122/17/650",
2424
2477
  "confidence": "1"
2425
2478
  },
2426
2479
  "conditions": [
@@ -2472,6 +2525,8 @@
2472
2525
  "type": "php_code_injection",
2473
2526
  "crs_id": "933130",
2474
2527
  "category": "attack_attempt",
2528
+ "cwe": "94",
2529
+ "capec": "1000/225/122/17/650",
2475
2530
  "confidence": "1"
2476
2531
  },
2477
2532
  "conditions": [
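Review bot: The `capec` value given to this PHP code-injection rule (933130) is `1000/225/122/17/650`, the same path the file-upload rule 933111 receives in the previous hunk; as I read the CAPEC catalogue, 650 is web-shell upload rather than code injection. The JavaScript code-injection rules later in the file (934100, 934101) pair the same `"cwe": "94"` with `"capec": "1000/152/242"`, so anything that groups events by CAPEC will file PHP and JS code injection under unrelated branches. Unless the upload classification is intended, I would use `"capec": "1000/152/242",` here and in the hunks for 933131, 933140, 933150 and 933160. The `tags` object opens before this hunk.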
@@ -2489,6 +2544,9 @@
2489
2544
  },
2490
2545
  {
2491
2546
  "address": "grpc.server.request.message"
2547
+ },
2548
+ {
2549
+ "address": "graphql.server.all_resolvers"
2492
2550
  }
2493
2551
  ],
2494
2552
  "list": [
@@ -2528,7 +2586,9 @@
2528
2586
  "tags": {
2529
2587
  "type": "php_code_injection",
2530
2588
  "crs_id": "933131",
2531
- "category": "attack_attempt"
2589
+ "category": "attack_attempt",
2590
+ "cwe": "94",
2591
+ "capec": "1000/225/122/17/650"
2532
2592
  },
2533
2593
  "conditions": [
2534
2594
  {
@@ -2545,6 +2605,9 @@
2545
2605
  },
2546
2606
  {
2547
2607
  "address": "grpc.server.request.message"
2608
+ },
2609
+ {
2610
+ "address": "graphql.server.all_resolvers"
2548
2611
  }
2549
2612
  ],
2550
2613
  "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
@@ -2565,6 +2628,8 @@
2565
2628
  "type": "php_code_injection",
2566
2629
  "crs_id": "933140",
2567
2630
  "category": "attack_attempt",
2631
+ "cwe": "94",
2632
+ "capec": "1000/225/122/17/650",
2568
2633
  "confidence": "1"
2569
2634
  },
2570
2635
  "conditions": [
@@ -2582,6 +2647,9 @@
2582
2647
  },
2583
2648
  {
2584
2649
  "address": "grpc.server.request.message"
2650
+ },
2651
+ {
2652
+ "address": "graphql.server.all_resolvers"
2585
2653
  }
2586
2654
  ],
2587
2655
  "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
@@ -2601,6 +2669,8 @@
2601
2669
  "type": "php_code_injection",
2602
2670
  "crs_id": "933150",
2603
2671
  "category": "attack_attempt",
2672
+ "cwe": "94",
2673
+ "capec": "1000/225/122/17/650",
2604
2674
  "confidence": "1"
2605
2675
  },
2606
2676
  "conditions": [
@@ -2618,6 +2688,9 @@
2618
2688
  },
2619
2689
  {
2620
2690
  "address": "grpc.server.request.message"
2691
+ },
2692
+ {
2693
+ "address": "graphql.server.all_resolvers"
2621
2694
  }
2622
2695
  ],
2623
2696
  "list": [
@@ -2680,7 +2753,9 @@
2680
2753
  "tags": {
2681
2754
  "type": "php_code_injection",
2682
2755
  "crs_id": "933160",
2683
- "category": "attack_attempt"
2756
+ "category": "attack_attempt",
2757
+ "cwe": "94",
2758
+ "capec": "1000/225/122/17/650"
2684
2759
  },
2685
2760
  "conditions": [
2686
2761
  {
@@ -2697,6 +2772,9 @@
2697
2772
  },
2698
2773
  {
2699
2774
  "address": "grpc.server.request.message"
2775
+ },
2776
+ {
2777
+ "address": "graphql.server.all_resolvers"
2700
2778
  }
2701
2779
  ],
2702
2780
  "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imaget
ype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
@@ -2717,6 +2795,8 @@
2717
2795
  "type": "php_code_injection",
2718
2796
  "crs_id": "933170",
2719
2797
  "category": "attack_attempt",
2798
+ "cwe": "502",
2799
+ "capec": "1000/152/586",
2720
2800
  "confidence": "1"
2721
2801
  },
2722
2802
  "conditions": [
@@ -2737,6 +2817,9 @@
2737
2817
  },
2738
2818
  {
2739
2819
  "address": "grpc.server.request.message"
2820
+ },
2821
+ {
2822
+ "address": "graphql.server.all_resolvers"
2740
2823
  }
2741
2824
  ],
2742
2825
  "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
@@ -2756,7 +2839,9 @@
2756
2839
  "tags": {
2757
2840
  "type": "php_code_injection",
2758
2841
  "crs_id": "933200",
2759
- "category": "attack_attempt"
2842
+ "category": "attack_attempt",
2843
+ "cwe": "502",
2844
+ "capec": "1000/152/586"
2760
2845
  },
2761
2846
  "conditions": [
2762
2847
  {
@@ -2773,6 +2858,9 @@
2773
2858
  },
2774
2859
  {
2775
2860
  "address": "grpc.server.request.message"
2861
+ },
2862
+ {
2863
+ "address": "graphql.server.all_resolvers"
2776
2864
  }
2777
2865
  ],
2778
2866
  "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
@@ -2794,7 +2882,9 @@
2794
2882
  "tags": {
2795
2883
  "type": "js_code_injection",
2796
2884
  "crs_id": "934100",
2797
- "category": "attack_attempt"
2885
+ "category": "attack_attempt",
2886
+ "cwe": "94",
2887
+ "capec": "1000/152/242"
2798
2888
  },
2799
2889
  "conditions": [
2800
2890
  {
@@ -2811,6 +2901,9 @@
2811
2901
  },
2812
2902
  {
2813
2903
  "address": "grpc.server.request.message"
2904
+ },
2905
+ {
2906
+ "address": "graphql.server.all_resolvers"
2814
2907
  }
2815
2908
  ],
2816
2909
  "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
@@ -2831,7 +2924,9 @@
2831
2924
  "type": "js_code_injection",
2832
2925
  "crs_id": "934101",
2833
2926
  "category": "attack_attempt",
2834
- "confidence": "1"
2927
+ "confidence": "1",
2928
+ "cwe": "94",
2929
+ "capec": "1000/152/242"
2835
2930
  },
2836
2931
  "conditions": [
2837
2932
  {
@@ -2848,6 +2943,9 @@
2848
2943
  },
2849
2944
  {
2850
2945
  "address": "grpc.server.request.message"
2946
+ },
2947
+ {
2948
+ "address": "graphql.server.all_resolvers"
2851
2949
  }
2852
2950
  ],
2853
2951
  "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
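Review bot: Adding `graphql.server.all_resolvers` to this rule (934101) puts every resolver argument in front of the very loose pattern on the last line of the hunk, which is satisfied by ordinary text such as `read (` or `open(`. A GraphQL API that accepts prose or code snippets will therefore raise `js_code_injection` events that the previous hunk tags with `"confidence": "1"`. The same concern applies to the 941390 hunk further down, whose pattern accepts `alert` or `prompt` followed by an opening parenthesis. I would leave the added `"address": "graphql.server.all_resolvers"` entry off these two rules, or lower their confidence, until the false-positive rate on resolver arguments has been measured. The `inputs` array starts before this hunk.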
@@ -2868,6 +2966,8 @@
2868
2966
  "type": "xss",
2869
2967
  "crs_id": "941110",
2870
2968
  "category": "attack_attempt",
2969
+ "cwe": "80",
2970
+ "capec": "1000/152/242/63/591",
2871
2971
  "confidence": "1"
2872
2972
  },
2873
2973
  "conditions": [
@@ -2897,6 +2997,9 @@
2897
2997
  },
2898
2998
  {
2899
2999
  "address": "grpc.server.request.message"
3000
+ },
3001
+ {
3002
+ "address": "graphql.server.all_resolvers"
2900
3003
  }
2901
3004
  ],
2902
3005
  "regex": "<script[^>]*>[\\s\\S]*?",
@@ -2919,6 +3022,8 @@
2919
3022
  "type": "xss",
2920
3023
  "crs_id": "941120",
2921
3024
  "category": "attack_attempt",
3025
+ "cwe": "83",
3026
+ "capec": "1000/152/242/63/591/243",
2922
3027
  "confidence": "1"
2923
3028
  },
2924
3029
  "conditions": [
@@ -2948,9 +3053,12 @@
2948
3053
  },
2949
3054
  {
2950
3055
  "address": "grpc.server.request.message"
3056
+ },
3057
+ {
3058
+ "address": "graphql.server.all_resolvers"
2951
3059
  }
2952
3060
  ],
2953
- "regex": "[\\s\\\"'`;\\/0-9=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]on(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress)|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
3061
+ "regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
2954
3062
  "options": {
2955
3063
  "min_length": 8
2956
3064
  }
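Review bot: Replacing the leading character class of the 941120 pattern with `\\b` changes what it accepts in both directions, and nothing in the hunk pins the difference. The pattern now matches at the start of a value and after any non-word character, so code-like text such as `el.onclick = fn` is flagged (more likely now that resolver arguments are inspected as well), while a handler name directly preceded by a digit, which the old class allowed through `0-9`, no longer matches. I would add regression samples for both cases alongside the rule so the change in coverage is deliberate. Separately, the new `|aste` branch is redundant, because `a(?:ge(?:hide|show)|(?:st|us)e)` already yields `paste`, and can be dropped.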
@@ -2970,6 +3078,8 @@
2970
3078
  "type": "xss",
2971
3079
  "crs_id": "941140",
2972
3080
  "category": "attack_attempt",
3081
+ "cwe": "84",
3082
+ "capec": "1000/152/242/63/591/244",
2973
3083
  "confidence": "1"
2974
3084
  },
2975
3085
  "conditions": [
@@ -2999,6 +3109,9 @@
2999
3109
  },
3000
3110
  {
3001
3111
  "address": "grpc.server.request.message"
3112
+ },
3113
+ {
3114
+ "address": "graphql.server.all_resolvers"
3002
3115
  }
3003
3116
  ],
3004
3117
  "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
@@ -3021,6 +3134,8 @@
3021
3134
  "type": "xss",
3022
3135
  "crs_id": "941170",
3023
3136
  "category": "attack_attempt",
3137
+ "cwe": "83",
3138
+ "capec": "1000/152/242/63/591/243",
3024
3139
  "confidence": "1"
3025
3140
  },
3026
3141
  "conditions": [
@@ -3047,6 +3162,12 @@
3047
3162
  },
3048
3163
  {
3049
3164
  "address": "server.request.path_params"
3165
+ },
3166
+ {
3167
+ "address": "grpc.server.request.message"
3168
+ },
3169
+ {
3170
+ "address": "graphql.server.all_resolvers"
3050
3171
  }
3051
3172
  ],
3052
3173
  "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
@@ -3068,7 +3189,9 @@
3068
3189
  "tags": {
3069
3190
  "type": "xss",
3070
3191
  "crs_id": "941180",
3071
- "category": "attack_attempt"
3192
+ "category": "attack_attempt",
3193
+ "cwe": "79",
3194
+ "capec": "1000/152/242/63/591"
3072
3195
  },
3073
3196
  "conditions": [
3074
3197
  {
@@ -3085,6 +3208,9 @@
3085
3208
  },
3086
3209
  {
3087
3210
  "address": "grpc.server.request.message"
3211
+ },
3212
+ {
3213
+ "address": "graphql.server.all_resolvers"
3088
3214
  }
3089
3215
  ],
3090
3216
  "list": [
@@ -3111,6 +3237,8 @@
3111
3237
  "type": "xss",
3112
3238
  "crs_id": "941200",
3113
3239
  "category": "attack_attempt",
3240
+ "cwe": "80",
3241
+ "capec": "1000/152/242/63/591",
3114
3242
  "confidence": "1"
3115
3243
  },
3116
3244
  "conditions": [
@@ -3128,6 +3256,9 @@
3128
3256
  },
3129
3257
  {
3130
3258
  "address": "grpc.server.request.message"
3259
+ },
3260
+ {
3261
+ "address": "graphql.server.all_resolvers"
3131
3262
  }
3132
3263
  ],
3133
3264
  "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
@@ -3150,6 +3281,8 @@
3150
3281
  "type": "xss",
3151
3282
  "crs_id": "941210",
3152
3283
  "category": "attack_attempt",
3284
+ "cwe": "80",
3285
+ "capec": "1000/152/242/63/591",
3153
3286
  "confidence": "1"
3154
3287
  },
3155
3288
  "conditions": [
@@ -3167,6 +3300,9 @@
3167
3300
  },
3168
3301
  {
3169
3302
  "address": "grpc.server.request.message"
3303
+ },
3304
+ {
3305
+ "address": "graphql.server.all_resolvers"
3170
3306
  }
3171
3307
  ],
3172
3308
  "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3189,6 +3325,8 @@
3189
3325
  "type": "xss",
3190
3326
  "crs_id": "941220",
3191
3327
  "category": "attack_attempt",
3328
+ "cwe": "80",
3329
+ "capec": "1000/152/242/63/591",
3192
3330
  "confidence": "1"
3193
3331
  },
3194
3332
  "conditions": [
@@ -3206,6 +3344,9 @@
3206
3344
  },
3207
3345
  {
3208
3346
  "address": "grpc.server.request.message"
3347
+ },
3348
+ {
3349
+ "address": "graphql.server.all_resolvers"
3209
3350
  }
3210
3351
  ],
3211
3352
  "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3228,6 +3369,8 @@
3228
3369
  "type": "xss",
3229
3370
  "crs_id": "941230",
3230
3371
  "category": "attack_attempt",
3372
+ "cwe": "83",
3373
+ "capec": "1000/152/242/63/591/243",
3231
3374
  "confidence": "1"
3232
3375
  },
3233
3376
  "conditions": [
@@ -3245,6 +3388,9 @@
3245
3388
  },
3246
3389
  {
3247
3390
  "address": "grpc.server.request.message"
3391
+ },
3392
+ {
3393
+ "address": "graphql.server.all_resolvers"
3248
3394
  }
3249
3395
  ],
3250
3396
  "regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
@@ -3266,6 +3412,8 @@
3266
3412
  "type": "xss",
3267
3413
  "crs_id": "941240",
3268
3414
  "category": "attack_attempt",
3415
+ "cwe": "83",
3416
+ "capec": "1000/152/242/63/591/243",
3269
3417
  "confidence": "1"
3270
3418
  },
3271
3419
  "conditions": [
@@ -3283,6 +3431,9 @@
3283
3431
  },
3284
3432
  {
3285
3433
  "address": "grpc.server.request.message"
3434
+ },
3435
+ {
3436
+ "address": "graphql.server.all_resolvers"
3286
3437
  }
3287
3438
  ],
3288
3439
  "regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
@@ -3305,7 +3456,9 @@
3305
3456
  "tags": {
3306
3457
  "type": "xss",
3307
3458
  "crs_id": "941270",
3308
- "category": "attack_attempt"
3459
+ "category": "attack_attempt",
3460
+ "cwe": "83",
3461
+ "capec": "1000/152/242/63/591/243"
3309
3462
  },
3310
3463
  "conditions": [
3311
3464
  {
@@ -3322,6 +3475,9 @@
3322
3475
  },
3323
3476
  {
3324
3477
  "address": "grpc.server.request.message"
3478
+ },
3479
+ {
3480
+ "address": "graphql.server.all_resolvers"
3325
3481
  }
3326
3482
  ],
3327
3483
  "regex": "<LINK[\\s/+].*?href[\\s/+]*=",
@@ -3343,6 +3499,8 @@
3343
3499
  "type": "xss",
3344
3500
  "crs_id": "941280",
3345
3501
  "category": "attack_attempt",
3502
+ "cwe": "83",
3503
+ "capec": "1000/152/242/63/591/243",
3346
3504
  "confidence": "1"
3347
3505
  },
3348
3506
  "conditions": [
@@ -3360,6 +3518,9 @@
3360
3518
  },
3361
3519
  {
3362
3520
  "address": "grpc.server.request.message"
3521
+ },
3522
+ {
3523
+ "address": "graphql.server.all_resolvers"
3363
3524
  }
3364
3525
  ],
3365
3526
  "regex": "<BASE[\\s/+].*?href[\\s/+]*=",
@@ -3381,6 +3542,8 @@
3381
3542
  "type": "xss",
3382
3543
  "crs_id": "941290",
3383
3544
  "category": "attack_attempt",
3545
+ "cwe": "83",
3546
+ "capec": "1000/152/242/63/591/243",
3384
3547
  "confidence": "1"
3385
3548
  },
3386
3549
  "conditions": [
@@ -3398,6 +3561,9 @@
3398
3561
  },
3399
3562
  {
3400
3563
  "address": "grpc.server.request.message"
3564
+ },
3565
+ {
3566
+ "address": "graphql.server.all_resolvers"
3401
3567
  }
3402
3568
  ],
3403
3569
  "regex": "<APPLET[\\s/+>]",
@@ -3419,6 +3585,8 @@
3419
3585
  "type": "xss",
3420
3586
  "crs_id": "941300",
3421
3587
  "category": "attack_attempt",
3588
+ "cwe": "83",
3589
+ "capec": "1000/152/242/63/591/243",
3422
3590
  "confidence": "1"
3423
3591
  },
3424
3592
  "conditions": [
@@ -3436,6 +3604,9 @@
3436
3604
  },
3437
3605
  {
3438
3606
  "address": "grpc.server.request.message"
3607
+ },
3608
+ {
3609
+ "address": "graphql.server.all_resolvers"
3439
3610
  }
3440
3611
  ],
3441
3612
  "regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
@@ -3457,6 +3628,8 @@
3457
3628
  "type": "xss",
3458
3629
  "crs_id": "941350",
3459
3630
  "category": "attack_attempt",
3631
+ "cwe": "87",
3632
+ "capec": "1000/152/242/63/591/199",
3460
3633
  "confidence": "1"
3461
3634
  },
3462
3635
  "conditions": [
@@ -3474,6 +3647,9 @@
3474
3647
  },
3475
3648
  {
3476
3649
  "address": "grpc.server.request.message"
3650
+ },
3651
+ {
3652
+ "address": "graphql.server.all_resolvers"
3477
3653
  }
3478
3654
  ],
3479
3655
  "regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
@@ -3493,7 +3669,9 @@
3493
3669
  "tags": {
3494
3670
  "type": "xss",
3495
3671
  "crs_id": "941360",
3496
- "category": "attack_attempt"
3672
+ "category": "attack_attempt",
3673
+ "cwe": "87",
3674
+ "capec": "1000/152/242/63/591/199"
3497
3675
  },
3498
3676
  "conditions": [
3499
3677
  {
@@ -3510,6 +3688,9 @@
3510
3688
  },
3511
3689
  {
3512
3690
  "address": "grpc.server.request.message"
3691
+ },
3692
+ {
3693
+ "address": "graphql.server.all_resolvers"
3513
3694
  }
3514
3695
  ],
3515
3696
  "regex": "![!+ ]\\[\\]",
@@ -3530,7 +3711,9 @@
3530
3711
  "type": "xss",
3531
3712
  "crs_id": "941390",
3532
3713
  "category": "attack_attempt",
3533
- "confidence": "1"
3714
+ "confidence": "1",
3715
+ "cwe": "79",
3716
+ "capec": "1000/152/242/63/591"
3534
3717
  },
3535
3718
  "conditions": [
3536
3719
  {
@@ -3547,6 +3730,9 @@
3547
3730
  },
3548
3731
  {
3549
3732
  "address": "grpc.server.request.message"
3733
+ },
3734
+ {
3735
+ "address": "graphql.server.all_resolvers"
3550
3736
  }
3551
3737
  ],
3552
3738
  "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
@@ -3566,7 +3752,9 @@
3566
3752
  "tags": {
3567
3753
  "type": "sql_injection",
3568
3754
  "crs_id": "942100",
3569
- "category": "attack_attempt"
3755
+ "category": "attack_attempt",
3756
+ "cwe": "89",
3757
+ "capec": "1000/152/248/66"
3570
3758
  },
3571
3759
  "conditions": [
3572
3760
  {
@@ -3583,6 +3771,9 @@
3583
3771
  },
3584
3772
  {
3585
3773
  "address": "grpc.server.request.message"
3774
+ },
3775
+ {
3776
+ "address": "graphql.server.all_resolvers"
3586
3777
  }
3587
3778
  ]
3588
3779
  },
@@ -3600,6 +3791,8 @@
3600
3791
  "type": "sql_injection",
3601
3792
  "crs_id": "942160",
3602
3793
  "category": "attack_attempt",
3794
+ "cwe": "89",
3795
+ "capec": "1000/152/248/66/7",
3603
3796
  "confidence": "1"
3604
3797
  },
3605
3798
  "conditions": [
@@ -3617,6 +3810,9 @@
3617
3810
  },
3618
3811
  {
3619
3812
  "address": "grpc.server.request.message"
3813
+ },
3814
+ {
3815
+ "address": "graphql.server.all_resolvers"
3620
3816
  }
3621
3817
  ],
3622
3818
  "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
@@ -3637,6 +3833,8 @@
3637
3833
  "type": "sql_injection",
3638
3834
  "crs_id": "942240",
3639
3835
  "category": "attack_attempt",
3836
+ "cwe": "89",
3837
+ "capec": "1000/152/248/66/7",
3640
3838
  "confidence": "1"
3641
3839
  },
3642
3840
  "conditions": [
@@ -3654,6 +3852,9 @@
3654
3852
  },
3655
3853
  {
3656
3854
  "address": "grpc.server.request.message"
3855
+ },
3856
+ {
3857
+ "address": "graphql.server.all_resolvers"
3657
3858
  }
3658
3859
  ],
3659
3860
  "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
@@ -3672,7 +3873,9 @@
3672
3873
  "tags": {
3673
3874
  "type": "sql_injection",
3674
3875
  "crs_id": "942250",
3675
- "category": "attack_attempt"
3876
+ "category": "attack_attempt",
3877
+ "cwe": "89",
3878
+ "capec": "1000/152/248/66"
3676
3879
  },
3677
3880
  "conditions": [
3678
3881
  {
@@ -3689,6 +3892,9 @@
3689
3892
  },
3690
3893
  {
3691
3894
  "address": "grpc.server.request.message"
3895
+ },
3896
+ {
3897
+ "address": "graphql.server.all_resolvers"
3692
3898
  }
3693
3899
  ],
3694
3900
  "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
@@ -3708,7 +3914,9 @@
3708
3914
  "tags": {
3709
3915
  "type": "sql_injection",
3710
3916
  "crs_id": "942270",
3711
- "category": "attack_attempt"
3917
+ "category": "attack_attempt",
3918
+ "cwe": "89",
3919
+ "capec": "1000/152/248/66"
3712
3920
  },
3713
3921
  "conditions": [
3714
3922
  {
@@ -3725,6 +3933,9 @@
3725
3933
  },
3726
3934
  {
3727
3935
  "address": "grpc.server.request.message"
3936
+ },
3937
+ {
3938
+ "address": "graphql.server.all_resolvers"
3728
3939
  }
3729
3940
  ],
3730
3941
  "regex": "union.*?select.*?from",
@@ -3744,6 +3955,8 @@
3744
3955
  "type": "sql_injection",
3745
3956
  "crs_id": "942280",
3746
3957
  "category": "attack_attempt",
3958
+ "cwe": "89",
3959
+ "capec": "1000/152/248/66/7",
3747
3960
  "confidence": "1"
3748
3961
  },
3749
3962
  "conditions": [
@@ -3761,6 +3974,9 @@
3761
3974
  },
3762
3975
  {
3763
3976
  "address": "grpc.server.request.message"
3977
+ },
3978
+ {
3979
+ "address": "graphql.server.all_resolvers"
3764
3980
  }
3765
3981
  ],
3766
3982
  "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
@@ -3779,7 +3995,9 @@
3779
3995
  "tags": {
3780
3996
  "type": "nosql_injection",
3781
3997
  "crs_id": "942290",
3782
- "category": "attack_attempt"
3998
+ "category": "attack_attempt",
3999
+ "cwe": "943",
4000
+ "capec": "1000/152/248/676"
3783
4001
  },
3784
4002
  "conditions": [
3785
4003
  {
@@ -3796,6 +4014,9 @@
3796
4014
  },
3797
4015
  {
3798
4016
  "address": "grpc.server.request.message"
4017
+ },
4018
+ {
4019
+ "address": "graphql.server.all_resolvers"
3799
4020
  }
3800
4021
  ],
3801
4022
  "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
@@ -3817,7 +4038,9 @@
3817
4038
  "tags": {
3818
4039
  "type": "sql_injection",
3819
4040
  "crs_id": "942360",
3820
- "category": "attack_attempt"
4041
+ "category": "attack_attempt",
4042
+ "cwe": "89",
4043
+ "capec": "1000/152/248/66/470"
3821
4044
  },
3822
4045
  "conditions": [
3823
4046
  {
@@ -3834,6 +4057,9 @@
3834
4057
  },
3835
4058
  {
3836
4059
  "address": "grpc.server.request.message"
4060
+ },
4061
+ {
4062
+ "address": "graphql.server.all_resolvers"
3837
4063
  }
3838
4064
  ],
3839
4065
  "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
@@ -3852,7 +4078,9 @@
3852
4078
  "tags": {
3853
4079
  "type": "sql_injection",
3854
4080
  "crs_id": "942500",
3855
- "category": "attack_attempt"
4081
+ "category": "attack_attempt",
4082
+ "cwe": "89",
4083
+ "capec": "1000/152/248/66"
3856
4084
  },
3857
4085
  "conditions": [
3858
4086
  {
@@ -3869,6 +4097,9 @@
3869
4097
  },
3870
4098
  {
3871
4099
  "address": "grpc.server.request.message"
4100
+ },
4101
+ {
4102
+ "address": "graphql.server.all_resolvers"
3872
4103
  }
3873
4104
  ],
3874
4105
  "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
@@ -3889,6 +4120,8 @@
3889
4120
  "type": "http_protocol_violation",
3890
4121
  "crs_id": "943100",
3891
4122
  "category": "attack_attempt",
4123
+ "cwe": "384",
4124
+ "capec": "1000/225/21/593/61",
3892
4125
  "confidence": "1"
3893
4126
  },
3894
4127
  "conditions": [
@@ -3903,6 +4136,12 @@
3903
4136
  },
3904
4137
  {
3905
4138
  "address": "server.request.path_params"
4139
+ },
4140
+ {
4141
+ "address": "grpc.server.request.message"
4142
+ },
4143
+ {
4144
+ "address": "graphql.server.all_resolvers"
3906
4145
  }
3907
4146
  ],
3908
4147
  "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
@@ -3923,6 +4162,8 @@
3923
4162
  "type": "java_code_injection",
3924
4163
  "crs_id": "944100",
3925
4164
  "category": "attack_attempt",
4165
+ "cwe": "94",
4166
+ "capec": "1000/152/242",
3926
4167
  "confidence": "1"
3927
4168
  },
3928
4169
  "conditions": [
@@ -3943,6 +4184,9 @@
3943
4184
  },
3944
4185
  {
3945
4186
  "address": "grpc.server.request.message"
4187
+ },
4188
+ {
4189
+ "address": "graphql.server.all_resolvers"
3946
4190
  }
3947
4191
  ],
3948
4192
  "regex": "java\\.lang\\.(?:runtime|processbuilder)",
@@ -3964,7 +4208,9 @@
3964
4208
  "tags": {
3965
4209
  "type": "java_code_injection",
3966
4210
  "crs_id": "944110",
3967
- "category": "attack_attempt"
4211
+ "category": "attack_attempt",
4212
+ "cwe": "94",
4213
+ "capec": "1000/152/242"
3968
4214
  },
3969
4215
  "conditions": [
3970
4216
  {
@@ -3984,6 +4230,9 @@
3984
4230
  },
3985
4231
  {
3986
4232
  "address": "grpc.server.request.message"
4233
+ },
4234
+ {
4235
+ "address": "graphql.server.all_resolvers"
3987
4236
  }
3988
4237
  ],
3989
4238
  "regex": "(?:runtime|processbuilder)",
@@ -4011,6 +4260,9 @@
4011
4260
  },
4012
4261
  {
4013
4262
  "address": "grpc.server.request.message"
4263
+ },
4264
+ {
4265
+ "address": "graphql.server.all_resolvers"
4014
4266
  }
4015
4267
  ],
4016
4268
  "regex": "(?:unmarshaller|base64data|java\\.)",
@@ -4032,7 +4284,9 @@
4032
4284
  "tags": {
4033
4285
  "type": "java_code_injection",
4034
4286
  "crs_id": "944130",
4035
- "category": "attack_attempt"
4287
+ "category": "attack_attempt",
4288
+ "cwe": "94",
4289
+ "capec": "1000/152/242"
4036
4290
  },
4037
4291
  "conditions": [
4038
4292
  {
@@ -4052,6 +4306,9 @@
4052
4306
  },
4053
4307
  {
4054
4308
  "address": "grpc.server.request.message"
4309
+ },
4310
+ {
4311
+ "address": "graphql.server.all_resolvers"
4055
4312
  }
4056
4313
  ],
4057
4314
  "list": [
@@ -4112,6 +4369,8 @@
4112
4369
  "type": "java_code_injection",
4113
4370
  "crs_id": "944260",
4114
4371
  "category": "attack_attempt",
4372
+ "cwe": "94",
4373
+ "capec": "1000/152/242",
4115
4374
  "confidence": "1"
4116
4375
  },
4117
4376
  "conditions": [
@@ -4132,6 +4391,9 @@
4132
4391
  },
4133
4392
  {
4134
4393
  "address": "grpc.server.request.message"
4394
+ },
4395
+ {
4396
+ "address": "graphql.server.all_resolvers"
4135
4397
  }
4136
4398
  ],
4137
4399
  "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
@@ -4150,7 +4412,9 @@
4150
4412
  "name": "Look for Cassandra injections",
4151
4413
  "tags": {
4152
4414
  "type": "nosql_injection",
4153
- "category": "attack_attempt"
4415
+ "category": "attack_attempt",
4416
+ "cwe": "943",
4417
+ "capec": "1000/152/248/676"
4154
4418
  },
4155
4419
  "conditions": [
4156
4420
  {
@@ -4165,6 +4429,12 @@
4165
4429
  {
4166
4430
  "address": "server.request.path_params"
4167
4431
  },
4432
+ {
4433
+ "address": "grpc.server.request.message"
4434
+ },
4435
+ {
4436
+ "address": "graphql.server.all_resolvers"
4437
+ },
4168
4438
  {
4169
4439
  "address": "server.request.headers.no_cookies"
4170
4440
  }
@@ -4183,7 +4453,9 @@
4183
4453
  "name": "OGNL - Look for formatting injection patterns",
4184
4454
  "tags": {
4185
4455
  "type": "java_code_injection",
4186
- "category": "attack_attempt"
4456
+ "category": "attack_attempt",
4457
+ "cwe": "94",
4458
+ "capec": "1000/152/242"
4187
4459
  },
4188
4460
  "conditions": [
4189
4461
  {
@@ -4204,6 +4476,9 @@
4204
4476
  },
4205
4477
  {
4206
4478
  "address": "grpc.server.request.message"
4479
+ },
4480
+ {
4481
+ "address": "graphql.server.all_resolvers"
4207
4482
  }
4208
4483
  ],
4209
4484
  "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
@@ -4221,6 +4496,8 @@
4221
4496
  "tags": {
4222
4497
  "type": "java_code_injection",
4223
4498
  "category": "attack_attempt",
4499
+ "cwe": "94",
4500
+ "capec": "1000/152/242",
4224
4501
  "confidence": "1"
4225
4502
  },
4226
4503
  "conditions": [
@@ -4242,6 +4519,9 @@
4242
4519
  },
4243
4520
  {
4244
4521
  "address": "grpc.server.request.message"
4522
+ },
4523
+ {
4524
+ "address": "graphql.server.all_resolvers"
4245
4525
  }
4246
4526
  ],
4247
4527
  "regex": "[@#]ognl",
@@ -4259,6 +4539,8 @@
4259
4539
  "tags": {
4260
4540
  "type": "exploit_detection",
4261
4541
  "category": "attack_attempt",
4542
+ "cwe": "94",
4543
+ "capec": "1000/152/242",
4262
4544
  "confidence": "1"
4263
4545
  },
4264
4546
  "conditions": [
@@ -4287,6 +4569,8 @@
4287
4569
  "tags": {
4288
4570
  "type": "js_code_injection",
4289
4571
  "category": "attack_attempt",
4572
+ "cwe": "1321",
4573
+ "capec": "1000/152/242",
4290
4574
  "confidence": "1"
4291
4575
  },
4292
4576
  "conditions": [
@@ -4315,6 +4599,8 @@
4315
4599
  "tags": {
4316
4600
  "type": "js_code_injection",
4317
4601
  "category": "attack_attempt",
4602
+ "cwe": "1321",
4603
+ "capec": "1000/152/242",
4318
4604
  "confidence": "1"
4319
4605
  },
4320
4606
  "conditions": [
@@ -4357,6 +4643,8 @@
4357
4643
  "tags": {
4358
4644
  "type": "java_code_injection",
4359
4645
  "category": "attack_attempt",
4646
+ "cwe": "1336",
4647
+ "capec": "1000/152/242/19",
4360
4648
  "confidence": "1"
4361
4649
  },
4362
4650
  "conditions": [
@@ -4377,6 +4665,9 @@
4377
4665
  },
4378
4666
  {
4379
4667
  "address": "grpc.server.request.message"
4668
+ },
4669
+ {
4670
+ "address": "graphql.server.all_resolvers"
4380
4671
  }
4381
4672
  ],
4382
4673
  "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
@@ -4393,6 +4684,8 @@
4393
4684
  "type": "attack_tool",
4394
4685
  "category": "attack_attempt",
4395
4686
  "tool_name": "BurpCollaborator",
4687
+ "cwe": "200",
4688
+ "capec": "1000/118/169",
4396
4689
  "confidence": "1"
4397
4690
  },
4398
4691
  "conditions": [
@@ -4413,6 +4706,9 @@
4413
4706
  },
4414
4707
  {
4415
4708
  "address": "grpc.server.request.message"
4709
+ },
4710
+ {
4711
+ "address": "graphql.server.all_resolvers"
4416
4712
  }
4417
4713
  ],
4418
4714
  "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
@@ -4429,6 +4725,8 @@
4429
4725
  "type": "commercial_scanner",
4430
4726
  "category": "attack_attempt",
4431
4727
  "tool_name": "Qualys",
4728
+ "cwe": "200",
4729
+ "capec": "1000/118/169",
4432
4730
  "confidence": "0"
4433
4731
  },
4434
4732
  "conditions": [
@@ -4449,6 +4747,9 @@
4449
4747
  },
4450
4748
  {
4451
4749
  "address": "grpc.server.request.message"
4750
+ },
4751
+ {
4752
+ "address": "graphql.server.all_resolvers"
4452
4753
  }
4453
4754
  ],
4454
4755
  "regex": "\\bqualysperiscope\\.com\\b"
@@ -4465,6 +4766,8 @@
4465
4766
  "type": "commercial_scanner",
4466
4767
  "category": "attack_attempt",
4467
4768
  "tool_name": "Probely",
4769
+ "cwe": "200",
4770
+ "capec": "1000/118/169",
4468
4771
  "confidence": "0"
4469
4772
  },
4470
4773
  "conditions": [
@@ -4485,6 +4788,9 @@
4485
4788
  },
4486
4789
  {
4487
4790
  "address": "grpc.server.request.message"
4791
+ },
4792
+ {
4793
+ "address": "graphql.server.all_resolvers"
4488
4794
  }
4489
4795
  ],
4490
4796
  "regex": "\\bprbly\\.win\\b"
@@ -4500,6 +4806,8 @@
4500
4806
  "tags": {
4501
4807
  "type": "security_scanner",
4502
4808
  "category": "attack_attempt",
4809
+ "cwe": "200",
4810
+ "capec": "1000/118/169",
4503
4811
  "confidence": "1"
4504
4812
  },
4505
4813
  "conditions": [
@@ -4520,6 +4828,9 @@
4520
4828
  },
4521
4829
  {
4522
4830
  "address": "grpc.server.request.message"
4831
+ },
4832
+ {
4833
+ "address": "graphql.server.all_resolvers"
4523
4834
  }
4524
4835
  ],
4525
4836
  "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
@@ -4535,6 +4846,8 @@
4535
4846
  "tags": {
4536
4847
  "type": "security_scanner",
4537
4848
  "category": "attack_attempt",
4849
+ "cwe": "200",
4850
+ "capec": "1000/118/169",
4538
4851
  "confidence": "0"
4539
4852
  },
4540
4853
  "conditions": [
@@ -4555,6 +4868,9 @@
4555
4868
  },
4556
4869
  {
4557
4870
  "address": "grpc.server.request.message"
4871
+ },
4872
+ {
4873
+ "address": "graphql.server.all_resolvers"
4558
4874
  }
4559
4875
  ],
4560
4876
  "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
@@ -4571,6 +4887,8 @@
4571
4887
  "type": "commercial_scanner",
4572
4888
  "category": "attack_attempt",
4573
4889
  "tool_name": "Rapid7",
4890
+ "cwe": "200",
4891
+ "capec": "1000/118/169",
4574
4892
  "confidence": "0"
4575
4893
  },
4576
4894
  "conditions": [
@@ -4591,6 +4909,9 @@
4591
4909
  },
4592
4910
  {
4593
4911
  "address": "grpc.server.request.message"
4912
+ },
4913
+ {
4914
+ "address": "graphql.server.all_resolvers"
4594
4915
  }
4595
4916
  ],
4596
4917
  "regex": "\\bappspidered\\.rapid7\\."
@@ -4607,6 +4928,8 @@
4607
4928
  "type": "attack_tool",
4608
4929
  "category": "attack_attempt",
4609
4930
  "tool_name": "interact.sh",
4931
+ "cwe": "200",
4932
+ "capec": "1000/118/169",
4610
4933
  "confidence": "1"
4611
4934
  },
4612
4935
  "conditions": [
@@ -4627,6 +4950,9 @@
4627
4950
  },
4628
4951
  {
4629
4952
  "address": "grpc.server.request.message"
4953
+ },
4954
+ {
4955
+ "address": "graphql.server.all_resolvers"
4630
4956
  }
4631
4957
  ],
4632
4958
  "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
@@ -4636,12 +4962,59 @@
4636
4962
  ],
4637
4963
  "transformers": []
4638
4964
  },
4965
+ {
4966
+ "id": "dog-913-008",
4967
+ "name": "Netsparker OOB domain",
4968
+ "tags": {
4969
+ "type": "commercial_scanner",
4970
+ "category": "attack_attempt",
4971
+ "tool_name": "Netsparker",
4972
+ "cwe": "200",
4973
+ "capec": "1000/118/169",
4974
+ "confidence": "0"
4975
+ },
4976
+ "conditions": [
4977
+ {
4978
+ "parameters": {
4979
+ "inputs": [
4980
+ {
4981
+ "address": "server.request.query"
4982
+ },
4983
+ {
4984
+ "address": "server.request.body"
4985
+ },
4986
+ {
4987
+ "address": "server.request.path_params"
4988
+ },
4989
+ {
4990
+ "address": "server.request.headers.no_cookies"
4991
+ },
4992
+ {
4993
+ "address": "grpc.server.request.message"
4994
+ },
4995
+ {
4996
+ "address": "graphql.server.all_resolvers"
4997
+ }
4998
+ ],
4999
+ "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
5000
+ "options": {
5001
+ "case_sensitive": false,
5002
+ "min_length": 7
5003
+ }
5004
+ },
5005
+ "operator": "match_regex"
5006
+ }
5007
+ ],
5008
+ "transformers": []
5009
+ },
4639
5010
  {
4640
5011
  "id": "dog-931-001",
4641
5012
  "name": "RFI: URL Payload to well known RFI target",
4642
5013
  "tags": {
4643
5014
  "type": "rfi",
4644
5015
  "category": "attack_attempt",
5016
+ "cwe": "98",
5017
+ "capec": "1000/152/175/253/193",
4645
5018
  "confidence": "1"
4646
5019
  },
4647
5020
  "conditions": [
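Review bot: The Netsparker callback domain added here as `dog-913-008` is not mirrored in the SSRF rule further down whose regex lists out-of-band domains (`burpcollaborator\\.net|localtest\\.me|…|qualysperiscope\\.com|vii.one|act1on3.ru`, a context line in the hunk at `@@ -5599,6 +6105,9 @@`). The domains of the sibling scanner rules (BurpCollaborator, Qualys, Probely, interact.sh) are all present in that list. If the list is meant to stay in step, add `r87\\.(?:me|com)` to its alternation. The same context line leaves the dots in `vii.one` and `act1on3.ru` unescaped, so they match any character; `vii\\.one|act1on3\\.ru` is the tighter form.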
@@ -4656,6 +5029,12 @@
4656
5029
  },
4657
5030
  {
4658
5031
  "address": "server.request.path_params"
5032
+ },
5033
+ {
5034
+ "address": "grpc.server.request.message"
5035
+ },
5036
+ {
5037
+ "address": "graphql.server.all_resolvers"
4659
5038
  }
4660
5039
  ],
4661
5040
  "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
@@ -4675,6 +5054,8 @@
4675
5054
  "tags": {
4676
5055
  "type": "xxe",
4677
5056
  "category": "attack_attempt",
5057
+ "cwe": "91",
5058
+ "capec": "1000/152/248/250",
4678
5059
  "confidence": "0"
4679
5060
  },
4680
5061
  "conditions": [
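Review bot: `"cwe": "91"` on this `xxe` rule points at XML Injection, while the pattern that appears to belong to the same rule (the `<!ENTITY … SYSTEM …>` regex in the hunk at `@@ -4686,6 +5067,9 @@`) describes an external entity reference, which is CWE-611. If the tag is used to group or report findings by weakness, `"cwe": "611"` would classify it more precisely. If 91 was chosen to line up with the CAPEC leaf 250 in `"capec": "1000/152/248/250"`, that is worth recording wherever the tag scheme is documented. The rule object starts and ends outside this hunk.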
@@ -4686,6 +5067,9 @@
4686
5067
  },
4687
5068
  {
4688
5069
  "address": "grpc.server.request.message"
5070
+ },
5071
+ {
5072
+ "address": "graphql.server.all_resolvers"
4689
5073
  }
4690
5074
  ],
4691
5075
  "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
@@ -4699,12 +5083,69 @@
4699
5083
  ],
4700
5084
  "transformers": []
4701
5085
  },
5086
+ {
5087
+ "id": "dog-941-001",
5088
+ "name": "XSS in source property",
5089
+ "tags": {
5090
+ "type": "xss",
5091
+ "category": "attack_attempt",
5092
+ "cwe": "83",
5093
+ "capec": "1000/152/242/63/591/243",
5094
+ "confidence": "0"
5095
+ },
5096
+ "conditions": [
5097
+ {
5098
+ "parameters": {
5099
+ "inputs": [
5100
+ {
5101
+ "address": "server.request.headers.no_cookies",
5102
+ "key_path": [
5103
+ "user-agent"
5104
+ ]
5105
+ },
5106
+ {
5107
+ "address": "server.request.headers.no_cookies",
5108
+ "key_path": [
5109
+ "referer"
5110
+ ]
5111
+ },
5112
+ {
5113
+ "address": "server.request.query"
5114
+ },
5115
+ {
5116
+ "address": "server.request.body"
5117
+ },
5118
+ {
5119
+ "address": "server.request.path_params"
5120
+ },
5121
+ {
5122
+ "address": "grpc.server.request.message"
5123
+ },
5124
+ {
5125
+ "address": "graphql.server.all_resolvers"
5126
+ }
5127
+ ],
5128
+ "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?",
5129
+ "options": {
5130
+ "min_length": 14
5131
+ }
5132
+ },
5133
+ "operator": "match_regex"
5134
+ }
5135
+ ],
5136
+ "transformers": [
5137
+ "removeNulls",
5138
+ "urlDecodeUni"
5139
+ ]
5140
+ },
4702
5141
  {
4703
5142
  "id": "dog-942-001",
4704
5143
  "name": "Blind XSS callback domains",
4705
5144
  "tags": {
4706
5145
  "type": "xss",
4707
5146
  "category": "attack_attempt",
5147
+ "cwe": "83",
5148
+ "capec": "1000/152/242/63/591/243",
4708
5149
  "confidence": "1"
4709
5150
  },
4710
5151
  "conditions": [
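Review bot: The scheme alternation in the new `dog-941-001` regex, `(?:data:|javascript:|http:|//)`, has no `https:` branch, so an `<iframe>` or `<esi:include>` whose `src` is an absolute https URL is not matched while the same URL over http is. If that is not a deliberate false-positive trade-off, change the branch to `https?:`. The rule also sets no `case_sensitive` option, unlike `dog-913-008` earlier in the file, and its transformers (`removeNulls`, `urlDecodeUni`) do not lowercase. Whether upper-case tag or attribute names match therefore depends on the operator's default; stating `"case_sensitive": false` explicitly would remove the doubt.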
@@ -4725,6 +5166,9 @@
4725
5166
  },
4726
5167
  {
4727
5168
  "address": "grpc.server.request.message"
5169
+ },
5170
+ {
5171
+ "address": "graphql.server.all_resolvers"
4728
5172
  }
4729
5173
  ],
4730
5174
  "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
@@ -4743,6 +5187,8 @@
4743
5187
  "tags": {
4744
5188
  "type": "security_scanner",
4745
5189
  "category": "attack_attempt",
5190
+ "cwe": "200",
5191
+ "capec": "1000/118/169",
4746
5192
  "confidence": "1"
4747
5193
  },
4748
5194
  "conditions": [
@@ -4978,6 +5424,8 @@
4978
5424
  "tags": {
4979
5425
  "type": "security_scanner",
4980
5426
  "category": "attack_attempt",
5427
+ "cwe": "200",
5428
+ "capec": "1000/118/169",
4981
5429
  "confidence": "1"
4982
5430
  },
4983
5431
  "conditions": [
@@ -5018,6 +5466,8 @@
5018
5466
  "tags": {
5019
5467
  "type": "security_scanner",
5020
5468
  "category": "attack_attempt",
5469
+ "cwe": "200",
5470
+ "capec": "1000/118/169",
5021
5471
  "confidence": "1"
5022
5472
  },
5023
5473
  "conditions": [
@@ -5058,6 +5508,8 @@
5058
5508
  "tags": {
5059
5509
  "type": "security_scanner",
5060
5510
  "category": "attack_attempt",
5511
+ "cwe": "200",
5512
+ "capec": "1000/118/169",
5061
5513
  "confidence": "1"
5062
5514
  },
5063
5515
  "conditions": [
@@ -5098,6 +5550,8 @@
5098
5550
  "tags": {
5099
5551
  "type": "security_scanner",
5100
5552
  "category": "attack_attempt",
5553
+ "cwe": "200",
5554
+ "capec": "1000/118/169",
5101
5555
  "confidence": "1"
5102
5556
  },
5103
5557
  "conditions": [
@@ -5138,6 +5592,8 @@
5138
5592
  "tags": {
5139
5593
  "type": "security_scanner",
5140
5594
  "category": "attack_attempt",
5595
+ "cwe": "200",
5596
+ "capec": "1000/118/169",
5141
5597
  "confidence": "1"
5142
5598
  },
5143
5599
  "conditions": [
@@ -5178,6 +5634,8 @@
5178
5634
  "tags": {
5179
5635
  "type": "security_scanner",
5180
5636
  "category": "attack_attempt",
5637
+ "cwe": "200",
5638
+ "capec": "1000/118/169",
5181
5639
  "confidence": "1"
5182
5640
  },
5183
5641
  "conditions": [
@@ -5218,6 +5676,8 @@
5218
5676
  "tags": {
5219
5677
  "type": "security_scanner",
5220
5678
  "category": "attack_attempt",
5679
+ "cwe": "200",
5680
+ "capec": "1000/118/169",
5221
5681
  "confidence": "1"
5222
5682
  },
5223
5683
  "conditions": [
@@ -5258,6 +5718,8 @@
5258
5718
  "tags": {
5259
5719
  "type": "security_scanner",
5260
5720
  "category": "attack_attempt",
5721
+ "cwe": "200",
5722
+ "capec": "1000/118/169",
5261
5723
  "confidence": "1"
5262
5724
  },
5263
5725
  "conditions": [
@@ -5298,6 +5760,8 @@
5298
5760
  "tags": {
5299
5761
  "type": "ssrf",
5300
5762
  "category": "attack_attempt",
5763
+ "cwe": "918",
5764
+ "capec": "1000/225/115/664",
5301
5765
  "confidence": "1"
5302
5766
  },
5303
5767
  "conditions": [
@@ -5315,6 +5779,9 @@
5315
5779
  },
5316
5780
  {
5317
5781
  "address": "grpc.server.request.message"
5782
+ },
5783
+ {
5784
+ "address": "graphql.server.all_resolvers"
5318
5785
  }
5319
5786
  ],
5320
5787
  "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
@@ -5334,7 +5801,9 @@
5334
5801
  "name": "Server-side Javascript injection: Try to detect obvious JS injection",
5335
5802
  "tags": {
5336
5803
  "type": "js_code_injection",
5337
- "category": "attack_attempt"
5804
+ "category": "attack_attempt",
5805
+ "cwe": "94",
5806
+ "capec": "1000/152/242"
5338
5807
  },
5339
5808
  "conditions": [
5340
5809
  {
@@ -5351,6 +5820,9 @@
5351
5820
  },
5352
5821
  {
5353
5822
  "address": "grpc.server.request.message"
5823
+ },
5824
+ {
5825
+ "address": "graphql.server.all_resolvers"
5354
5826
  }
5355
5827
  ],
5356
5828
  "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
@@ -5371,6 +5843,8 @@
5371
5843
  "tags": {
5372
5844
  "type": "command_injection",
5373
5845
  "category": "attack_attempt",
5846
+ "cwe": "78",
5847
+ "capec": "1000/152/248/88",
5374
5848
  "confidence": "1"
5375
5849
  },
5376
5850
  "conditions": [
@@ -5391,6 +5865,9 @@
5391
5865
  },
5392
5866
  {
5393
5867
  "address": "grpc.server.request.message"
5868
+ },
5869
+ {
5870
+ "address": "graphql.server.all_resolvers"
5394
5871
  }
5395
5872
  ],
5396
5873
  "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
@@ -5406,6 +5883,8 @@
5406
5883
  "tags": {
5407
5884
  "type": "command_injection",
5408
5885
  "category": "attack_attempt",
5886
+ "cwe": "78",
5887
+ "capec": "1000/152/248/88",
5409
5888
  "confidence": "1"
5410
5889
  },
5411
5890
  "conditions": [
@@ -5426,14 +5905,19 @@
5426
5905
  },
5427
5906
  {
5428
5907
  "address": "grpc.server.request.message"
5908
+ },
5909
+ {
5910
+ "address": "graphql.server.all_resolvers"
5429
5911
  }
5430
5912
  ],
5431
- "regex": "(?i)[&|]\\s*cat\\s+\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
5913
+ "regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
5432
5914
  },
5433
5915
  "operator": "match_regex"
5434
5916
  }
5435
5917
  ],
5436
- "transformers": []
5918
+ "transformers": [
5919
+ "cmdLine"
5920
+ ]
5437
5921
  },
5438
5922
  {
5439
5923
  "id": "sqr-000-010",
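Review bot: The relaxed `cat\\s*\\/etc` and the new `"transformers": ["cmdLine"]` are a coupled change, and the regex alone no longer says why the whitespace is optional. Presumably the transformer normalises the command line (spacing before `/`, case) before the regex runs, which would also make the `(?i)` flag redundant; confirm against the WAF's transformer definition. The neighbouring `command_injection` rules in the hunks at `@@ -5391,6 +5865,9 @@` and `@@ -5461,6 +5947,9 @@` keep their `\\s+` patterns and show no transformer change, so they probably still see un-normalised input; their `transformers` lines are outside the visible hunks. If that difference is unintended, review each rule separately rather than copying the transformer, since their patterns were written against raw input. The rule object starts before this hunk.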
@@ -5441,6 +5925,8 @@
5441
5925
  "tags": {
5442
5926
  "type": "command_injection",
5443
5927
  "category": "attack_attempt",
5928
+ "cwe": "78",
5929
+ "capec": "1000/152/248/88",
5444
5930
  "confidence": "1"
5445
5931
  },
5446
5932
  "conditions": [
@@ -5461,6 +5947,9 @@
5461
5947
  },
5462
5948
  {
5463
5949
  "address": "grpc.server.request.message"
5950
+ },
5951
+ {
5952
+ "address": "graphql.server.all_resolvers"
5464
5953
  }
5465
5954
  ],
5466
5955
  "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
@@ -5476,6 +5965,8 @@
5476
5965
  "tags": {
5477
5966
  "type": "ssrf",
5478
5967
  "category": "attack_attempt",
5968
+ "cwe": "918",
5969
+ "capec": "1000/225/115/664",
5479
5970
  "confidence": "1"
5480
5971
  },
5481
5972
  "conditions": [
@@ -5493,6 +5984,9 @@
5493
5984
  },
5494
5985
  {
5495
5986
  "address": "grpc.server.request.message"
5987
+ },
5988
+ {
5989
+ "address": "graphql.server.all_resolvers"
5496
5990
  }
5497
5991
  ],
5498
5992
  "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
@@ -5511,6 +6005,8 @@
5511
6005
  "tags": {
5512
6006
  "type": "ssrf",
5513
6007
  "category": "attack_attempt",
6008
+ "cwe": "918",
6009
+ "capec": "1000/225/115/664",
5514
6010
  "confidence": "0"
5515
6011
  },
5516
6012
  "conditions": [
@@ -5528,6 +6024,9 @@
5528
6024
  },
5529
6025
  {
5530
6026
  "address": "grpc.server.request.message"
6027
+ },
6028
+ {
6029
+ "address": "graphql.server.all_resolvers"
5531
6030
  }
5532
6031
  ],
5533
6032
  "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -5545,6 +6044,8 @@
5545
6044
  "tags": {
5546
6045
  "type": "ssrf",
5547
6046
  "category": "attack_attempt",
6047
+ "cwe": "918",
6048
+ "capec": "1000/225/115/664",
5548
6049
  "confidence": "0"
5549
6050
  },
5550
6051
  "conditions": [
@@ -5562,6 +6063,9 @@
5562
6063
  },
5563
6064
  {
5564
6065
  "address": "grpc.server.request.message"
6066
+ },
6067
+ {
6068
+ "address": "graphql.server.all_resolvers"
5565
6069
  }
5566
6070
  ],
5567
6071
  "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -5579,6 +6083,8 @@
5579
6083
  "tags": {
5580
6084
  "type": "ssrf",
5581
6085
  "category": "attack_attempt",
6086
+ "cwe": "918",
6087
+ "capec": "1000/225/115/664",
5582
6088
  "confidence": "1"
5583
6089
  },
5584
6090
  "conditions": [
@@ -5599,6 +6105,9 @@
5599
6105
  },
5600
6106
  {
5601
6107
  "address": "grpc.server.request.message"
6108
+ },
6109
+ {
6110
+ "address": "graphql.server.all_resolvers"
5602
6111
  }
5603
6112
  ],
5604
6113
  "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
@@ -5614,6 +6123,8 @@
5614
6123
  "tags": {
5615
6124
  "type": "ssrf",
5616
6125
  "category": "attack_attempt",
6126
+ "cwe": "918",
6127
+ "capec": "1000/225/115/664",
5617
6128
  "confidence": "0"
5618
6129
  },
5619
6130
  "conditions": [
@@ -5634,6 +6145,9 @@
5634
6145
  },
5635
6146
  {
5636
6147
  "address": "grpc.server.request.message"
6148
+ },
6149
+ {
6150
+ "address": "graphql.server.all_resolvers"
5637
6151
  }
5638
6152
  ],
5639
6153
  "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
@@ -5651,6 +6165,8 @@
5651
6165
  "tags": {
5652
6166
  "type": "exploit_detection",
5653
6167
  "category": "attack_attempt",
6168
+ "cwe": "94",
6169
+ "capec": "1000/152/242",
5654
6170
  "confidence": "1"
5655
6171
  },
5656
6172
  "conditions": [
@@ -5674,6 +6190,9 @@
5674
6190
  },
5675
6191
  {
5676
6192
  "address": "grpc.server.request.message"
6193
+ },
6194
+ {
6195
+ "address": "graphql.server.all_resolvers"
5677
6196
  }
5678
6197
  ],
5679
6198
  "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
@@ -5691,6 +6210,8 @@
5691
6210
  "tags": {
5692
6211
  "type": "attack_tool",
5693
6212
  "category": "attack_attempt",
6213
+ "cwe": "200",
6214
+ "capec": "1000/118/169",
5694
6215
  "tool_name": "Joomla exploitation tool",
5695
6216
  "confidence": "1"
5696
6217
  },
@@ -5718,6 +6239,8 @@
5718
6239
  "tags": {
5719
6240
  "type": "attack_tool",
5720
6241
  "category": "attack_attempt",
6242
+ "cwe": "200",
6243
+ "capec": "1000/118/169",
5721
6244
  "tool_name": "Nessus",
5722
6245
  "confidence": "1"
5723
6246
  },
@@ -5745,6 +6268,8 @@
5745
6268
  "tags": {
5746
6269
  "type": "attack_tool",
5747
6270
  "category": "attack_attempt",
6271
+ "cwe": "200",
6272
+ "capec": "1000/118/169",
5748
6273
  "tool_name": "Arachni",
5749
6274
  "confidence": "1"
5750
6275
  },
@@ -5772,6 +6297,8 @@
5772
6297
  "tags": {
5773
6298
  "type": "attack_tool",
5774
6299
  "category": "attack_attempt",
6300
+ "cwe": "200",
6301
+ "capec": "1000/118/169",
5775
6302
  "tool_name": "Jorgee",
5776
6303
  "confidence": "1"
5777
6304
  },
@@ -5799,6 +6326,8 @@
5799
6326
  "tags": {
5800
6327
  "type": "commercial_scanner",
5801
6328
  "category": "attack_attempt",
6329
+ "cwe": "200",
6330
+ "capec": "1000/118/169",
5802
6331
  "tool_name": "Probely",
5803
6332
  "confidence": "0"
5804
6333
  },
@@ -5826,6 +6355,8 @@
5826
6355
  "tags": {
5827
6356
  "type": "attack_tool",
5828
6357
  "category": "attack_attempt",
6358
+ "cwe": "200",
6359
+ "capec": "1000/118/169",
5829
6360
  "tool_name": "Metis",
5830
6361
  "confidence": "1"
5831
6362
  },
@@ -5853,6 +6384,8 @@
5853
6384
  "tags": {
5854
6385
  "type": "attack_tool",
5855
6386
  "category": "attack_attempt",
6387
+ "cwe": "200",
6388
+ "capec": "1000/118/169",
5856
6389
  "tool_name": "SQLPowerInjector",
5857
6390
  "confidence": "1"
5858
6391
  },
@@ -5880,6 +6413,8 @@
5880
6413
  "tags": {
5881
6414
  "type": "attack_tool",
5882
6415
  "category": "attack_attempt",
6416
+ "cwe": "200",
6417
+ "capec": "1000/118/169",
5883
6418
  "tool_name": "N-Stealth",
5884
6419
  "confidence": "1"
5885
6420
  },
@@ -5907,6 +6442,8 @@
5907
6442
  "tags": {
5908
6443
  "type": "attack_tool",
5909
6444
  "category": "attack_attempt",
6445
+ "cwe": "200",
6446
+ "capec": "1000/118/169",
5910
6447
  "tool_name": "Brutus",
5911
6448
  "confidence": "1"
5912
6449
  },
@@ -5934,6 +6471,8 @@
5934
6471
  "tags": {
5935
6472
  "type": "security_scanner",
5936
6473
  "category": "attack_attempt",
6474
+ "cwe": "200",
6475
+ "capec": "1000/118/169",
5937
6476
  "confidence": "1"
5938
6477
  },
5939
6478
  "conditions": [
@@ -5960,6 +6499,8 @@
5960
6499
  "tags": {
5961
6500
  "type": "commercial_scanner",
5962
6501
  "category": "attack_attempt",
6502
+ "cwe": "200",
6503
+ "capec": "1000/118/169",
5963
6504
  "tool_name": "Netsparker",
5964
6505
  "confidence": "0"
5965
6506
  },
@@ -5987,6 +6528,8 @@
5987
6528
  "tags": {
5988
6529
  "type": "attack_tool",
5989
6530
  "category": "attack_attempt",
6531
+ "cwe": "200",
6532
+ "capec": "1000/118/169",
5990
6533
  "tool_name": "JAASCois",
5991
6534
  "confidence": "1"
5992
6535
  },
@@ -6014,6 +6557,8 @@
6014
6557
  "tags": {
6015
6558
  "type": "attack_tool",
6016
6559
  "category": "attack_attempt",
6560
+ "cwe": "200",
6561
+ "capec": "1000/118/169",
6017
6562
  "tool_name": "Nsauditor",
6018
6563
  "confidence": "1"
6019
6564
  },
@@ -6041,6 +6586,8 @@
6041
6586
  "tags": {
6042
6587
  "type": "attack_tool",
6043
6588
  "category": "attack_attempt",
6589
+ "cwe": "200",
6590
+ "capec": "1000/118/169",
6044
6591
  "tool_name": "Paros",
6045
6592
  "confidence": "1"
6046
6593
  },
@@ -6068,6 +6615,8 @@
6068
6615
  "tags": {
6069
6616
  "type": "attack_tool",
6070
6617
  "category": "attack_attempt",
6618
+ "cwe": "200",
6619
+ "capec": "1000/118/169",
6071
6620
  "tool_name": "DirBuster",
6072
6621
  "confidence": "1"
6073
6622
  },
@@ -6095,6 +6644,8 @@
6095
6644
  "tags": {
6096
6645
  "type": "attack_tool",
6097
6646
  "category": "attack_attempt",
6647
+ "cwe": "200",
6648
+ "capec": "1000/118/169",
6098
6649
  "tool_name": "Pangolin",
6099
6650
  "confidence": "1"
6100
6651
  },
@@ -6122,6 +6673,8 @@
6122
6673
  "tags": {
6123
6674
  "type": "commercial_scanner",
6124
6675
  "category": "attack_attempt",
6676
+ "cwe": "200",
6677
+ "capec": "1000/118/169",
6125
6678
  "tool_name": "Qualys",
6126
6679
  "confidence": "0"
6127
6680
  },
@@ -6149,6 +6702,8 @@
6149
6702
  "tags": {
6150
6703
  "type": "attack_tool",
6151
6704
  "category": "attack_attempt",
6705
+ "cwe": "200",
6706
+ "capec": "1000/118/169",
6152
6707
  "tool_name": "SQLNinja",
6153
6708
  "confidence": "1"
6154
6709
  },
@@ -6176,6 +6731,8 @@
6176
6731
  "tags": {
6177
6732
  "type": "attack_tool",
6178
6733
  "category": "attack_attempt",
6734
+ "cwe": "200",
6735
+ "capec": "1000/118/169",
6179
6736
  "tool_name": "Nikto",
6180
6737
  "confidence": "1"
6181
6738
  },
@@ -6203,6 +6760,8 @@
6203
6760
  "tags": {
6204
6761
  "type": "attack_tool",
6205
6762
  "category": "attack_attempt",
6763
+ "cwe": "200",
6764
+ "capec": "1000/118/169",
6206
6765
  "tool_name": "BlackWidow",
6207
6766
  "confidence": "1"
6208
6767
  },
@@ -6230,6 +6789,8 @@
6230
6789
  "tags": {
6231
6790
  "type": "attack_tool",
6232
6791
  "category": "attack_attempt",
6792
+ "cwe": "200",
6793
+ "capec": "1000/118/169",
6233
6794
  "tool_name": "Grendel-Scan",
6234
6795
  "confidence": "1"
6235
6796
  },
@@ -6257,6 +6818,8 @@
6257
6818
  "tags": {
6258
6819
  "type": "attack_tool",
6259
6820
  "category": "attack_attempt",
6821
+ "cwe": "200",
6822
+ "capec": "1000/118/169",
6260
6823
  "tool_name": "Havij",
6261
6824
  "confidence": "1"
6262
6825
  },
@@ -6284,6 +6847,8 @@
6284
6847
  "tags": {
6285
6848
  "type": "attack_tool",
6286
6849
  "category": "attack_attempt",
6850
+ "cwe": "200",
6851
+ "capec": "1000/118/169",
6287
6852
  "tool_name": "w3af",
6288
6853
  "confidence": "1"
6289
6854
  },
@@ -6311,6 +6876,8 @@
6311
6876
  "tags": {
6312
6877
  "type": "attack_tool",
6313
6878
  "category": "attack_attempt",
6879
+ "cwe": "200",
6880
+ "capec": "1000/118/169",
6314
6881
  "tool_name": "Nmap",
6315
6882
  "confidence": "1"
6316
6883
  },
@@ -6338,6 +6905,8 @@
6338
6905
  "tags": {
6339
6906
  "type": "attack_tool",
6340
6907
  "category": "attack_attempt",
6908
+ "cwe": "200",
6909
+ "capec": "1000/118/169",
6341
6910
  "tool_name": "Nessus",
6342
6911
  "confidence": "1"
6343
6912
  },
@@ -6365,6 +6934,8 @@
6365
6934
  "tags": {
6366
6935
  "type": "attack_tool",
6367
6936
  "category": "attack_attempt",
6937
+ "cwe": "200",
6938
+ "capec": "1000/118/169",
6368
6939
  "tool_name": "EvilScanner",
6369
6940
  "confidence": "1"
6370
6941
  },
@@ -6392,6 +6963,8 @@
6392
6963
  "tags": {
6393
6964
  "type": "attack_tool",
6394
6965
  "category": "attack_attempt",
6966
+ "cwe": "200",
6967
+ "capec": "1000/118/169",
6395
6968
  "tool_name": "WebFuck",
6396
6969
  "confidence": "1"
6397
6970
  },
@@ -6419,6 +6992,8 @@
6419
6992
  "tags": {
6420
6993
  "type": "attack_tool",
6421
6994
  "category": "attack_attempt",
6995
+ "cwe": "200",
6996
+ "capec": "1000/118/169",
6422
6997
  "tool_name": "OpenVAS",
6423
6998
  "confidence": "1"
6424
6999
  },
@@ -6446,6 +7021,8 @@
6446
7021
  "tags": {
6447
7022
  "type": "attack_tool",
6448
7023
  "category": "attack_attempt",
7024
+ "cwe": "200",
7025
+ "capec": "1000/118/169",
6449
7026
  "tool_name": "Spider-Pig",
6450
7027
  "confidence": "1"
6451
7028
  },
@@ -6473,6 +7050,8 @@
6473
7050
  "tags": {
6474
7051
  "type": "attack_tool",
6475
7052
  "category": "attack_attempt",
7053
+ "cwe": "200",
7054
+ "capec": "1000/118/169",
6476
7055
  "tool_name": "Zgrab",
6477
7056
  "confidence": "1"
6478
7057
  },
@@ -6500,6 +7079,8 @@
6500
7079
  "tags": {
6501
7080
  "type": "attack_tool",
6502
7081
  "category": "attack_attempt",
7082
+ "cwe": "200",
7083
+ "capec": "1000/118/169",
6503
7084
  "tool_name": "Zmeu",
6504
7085
  "confidence": "1"
6505
7086
  },
@@ -6527,6 +7108,8 @@
6527
7108
  "tags": {
6528
7109
  "type": "commercial_scanner",
6529
7110
  "category": "attack_attempt",
7111
+ "cwe": "200",
7112
+ "capec": "1000/118/169",
6530
7113
  "tool_name": "GoogleSecurityScanner",
6531
7114
  "confidence": "0"
6532
7115
  },
@@ -6554,6 +7137,8 @@
6554
7137
  "tags": {
6555
7138
  "type": "attack_tool",
6556
7139
  "category": "attack_attempt",
7140
+ "cwe": "200",
7141
+ "capec": "1000/118/169",
6557
7142
  "tool_name": "Commix",
6558
7143
  "confidence": "1"
6559
7144
  },
@@ -6581,6 +7166,8 @@
6581
7166
  "tags": {
6582
7167
  "type": "attack_tool",
6583
7168
  "category": "attack_attempt",
7169
+ "cwe": "200",
7170
+ "capec": "1000/118/169",
6584
7171
  "tool_name": "Gobuster",
6585
7172
  "confidence": "1"
6586
7173
  },
@@ -6608,6 +7195,8 @@
6608
7195
  "tags": {
6609
7196
  "type": "attack_tool",
6610
7197
  "category": "attack_attempt",
7198
+ "cwe": "200",
7199
+ "capec": "1000/118/169",
6611
7200
  "tool_name": "CGIchk",
6612
7201
  "confidence": "1"
6613
7202
  },
@@ -6635,6 +7224,8 @@
6635
7224
  "tags": {
6636
7225
  "type": "attack_tool",
6637
7226
  "category": "attack_attempt",
7227
+ "cwe": "200",
7228
+ "capec": "1000/118/169",
6638
7229
  "tool_name": "FFUF",
6639
7230
  "confidence": "1"
6640
7231
  },
@@ -6662,6 +7253,8 @@
6662
7253
  "tags": {
6663
7254
  "type": "attack_tool",
6664
7255
  "category": "attack_attempt",
7256
+ "cwe": "200",
7257
+ "capec": "1000/118/169",
6665
7258
  "tool_name": "Nuclei",
6666
7259
  "confidence": "1"
6667
7260
  },
@@ -6689,6 +7282,8 @@
6689
7282
  "tags": {
6690
7283
  "type": "attack_tool",
6691
7284
  "category": "attack_attempt",
7285
+ "cwe": "200",
7286
+ "capec": "1000/118/169",
6692
7287
  "tool_name": "Tsunami",
6693
7288
  "confidence": "1"
6694
7289
  },
@@ -6716,6 +7311,8 @@
6716
7311
  "tags": {
6717
7312
  "type": "attack_tool",
6718
7313
  "category": "attack_attempt",
7314
+ "cwe": "200",
7315
+ "capec": "1000/118/169",
6719
7316
  "tool_name": "Nimbostratus",
6720
7317
  "confidence": "1"
6721
7318
  },
@@ -6743,6 +7340,8 @@
6743
7340
  "tags": {
6744
7341
  "type": "security_scanner",
6745
7342
  "category": "attack_attempt",
7343
+ "cwe": "200",
7344
+ "capec": "1000/118/169",
6746
7345
  "tool_name": "Datadog Canary Test",
6747
7346
  "confidence": "1"
6748
7347
  },
@@ -6776,6 +7375,8 @@
6776
7375
  "tags": {
6777
7376
  "type": "attack_tool",
6778
7377
  "category": "attack_attempt",
7378
+ "cwe": "200",
7379
+ "capec": "1000/118/169",
6779
7380
  "tool_name": "Datadog Canary Test",
6780
7381
  "confidence": "1"
6781
7382
  },
@@ -6812,6 +7413,8 @@
6812
7413
  "tags": {
6813
7414
  "type": "commercial_scanner",
6814
7415
  "category": "attack_attempt",
7416
+ "cwe": "200",
7417
+ "capec": "1000/118/169",
6815
7418
  "tool_name": "AlertLogic",
6816
7419
  "confidence": "0"
6817
7420
  },
@@ -6839,6 +7442,8 @@
6839
7442
  "tags": {
6840
7443
  "type": "attack_tool",
6841
7444
  "category": "attack_attempt",
7445
+ "cwe": "200",
7446
+ "capec": "1000/118/169",
6842
7447
  "tool_name": "wfuzz",
6843
7448
  "confidence": "1"
6844
7449
  },
@@ -6866,6 +7471,8 @@
6866
7471
  "tags": {
6867
7472
  "type": "commercial_scanner",
6868
7473
  "category": "attack_attempt",
7474
+ "cwe": "200",
7475
+ "capec": "1000/118/169",
6869
7476
  "tool_name": "Detectify",
6870
7477
  "confidence": "0"
6871
7478
  },
@@ -6893,6 +7500,8 @@
6893
7500
  "tags": {
6894
7501
  "type": "attack_tool",
6895
7502
  "category": "attack_attempt",
7503
+ "cwe": "200",
7504
+ "capec": "1000/118/169",
6896
7505
  "tool_name": "BSQLBF",
6897
7506
  "confidence": "1"
6898
7507
  },
@@ -6920,6 +7529,8 @@
6920
7529
  "tags": {
6921
7530
  "type": "attack_tool",
6922
7531
  "category": "attack_attempt",
7532
+ "cwe": "200",
7533
+ "capec": "1000/118/169",
6923
7534
  "tool_name": "masscan",
6924
7535
  "confidence": "1"
6925
7536
  },
@@ -6947,6 +7558,8 @@
6947
7558
  "tags": {
6948
7559
  "type": "attack_tool",
6949
7560
  "category": "attack_attempt",
7561
+ "cwe": "200",
7562
+ "capec": "1000/118/169",
6950
7563
  "tool_name": "WPScan",
6951
7564
  "confidence": "1"
6952
7565
  },
@@ -6974,6 +7587,8 @@
6974
7587
  "tags": {
6975
7588
  "type": "commercial_scanner",
6976
7589
  "category": "attack_attempt",
7590
+ "cwe": "200",
7591
+ "capec": "1000/118/169",
6977
7592
  "tool_name": "Aon",
6978
7593
  "confidence": "0"
6979
7594
  },
@@ -7001,6 +7616,8 @@
7001
7616
  "tags": {
7002
7617
  "type": "security_scanner",
7003
7618
  "category": "attack_attempt",
7619
+ "cwe": "200",
7620
+ "capec": "1000/118/169",
7004
7621
  "confidence": "1"
7005
7622
  },
7006
7623
  "conditions": [
@@ -7014,7 +7631,10 @@
7014
7631
  ]
7015
7632
  }
7016
7633
  ],
7017
- "regex": "mozilla/4\\.0 \\(compatible(; msie 6\\.0; win32)?\\)"
7634
+ "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; win32|4\\.0; Windows NT))?\\)",
7635
+ "options": {
7636
+ "case_sensitive": false
7637
+ }
7018
7638
  },
7019
7639
  "operator": "match_regex"
7020
7640
  }
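Review bot: The new alternative `4\\.0; Windows NT` is written in mixed case while every other literal in the pattern is lowercase, so it only matches reliably because `"case_sensitive": false` is added in the same change. Writing it as `4\\.0; windows nt` keeps the pattern uniform and keeps it matching if the option is later removed or the input is lowercased by a transformer (the rule's `transformers` list is outside this hunk, so that is unconfirmed). The pattern is also unanchored, and the rule that appears to own it carries `"confidence": "1"`, so it is worth testing the widened pattern against ordinary legacy-browser User-Agent strings to confirm the closing `\\)` still keeps them out. The enclosing condition object starts above the hunk.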
@@ -7027,6 +7647,8 @@
7027
7647
  "tags": {
7028
7648
  "type": "attack_tool",
7029
7649
  "category": "attack_attempt",
7650
+ "cwe": "200",
7651
+ "capec": "1000/118/169",
7030
7652
  "tool_name": "SQLmap",
7031
7653
  "confidence": "1"
7032
7654
  },
@@ -7054,6 +7676,8 @@
7054
7676
  "tags": {
7055
7677
  "type": "attack_tool",
7056
7678
  "category": "attack_attempt",
7679
+ "cwe": "200",
7680
+ "capec": "1000/118/169",
7057
7681
  "tool_name": "Skipfish",
7058
7682
  "confidence": "1"
7059
7683
  },
@@ -7076,4 +7700,4 @@
7076
7700
  "transformers": []
7077
7701
  }
7078
7702
  ]
7079
- }
7703
+ }