dd-trace 4.15.0 → 4.17.0

Files changed (76) hide show
  1. package/LICENSE-3rdparty.csv +2 -0
  2. package/ext/tags.d.ts +1 -0
  3. package/ext/tags.js +1 -0
  4. package/index.d.ts +1 -0
  5. package/package.json +9 -6
  6. package/packages/datadog-esbuild/index.js +30 -25
  7. package/packages/datadog-instrumentations/src/body-parser.js +4 -3
  8. package/packages/datadog-instrumentations/src/cookie-parser.js +37 -0
  9. package/packages/datadog-instrumentations/src/cucumber.js +24 -4
  10. package/packages/datadog-instrumentations/src/express-mongo-sanitize.js +45 -0
  11. package/packages/datadog-instrumentations/src/express.js +3 -2
  12. package/packages/datadog-instrumentations/src/graphql.js +5 -0
  13. package/packages/datadog-instrumentations/src/helpers/hooks.js +5 -1
  14. package/packages/datadog-instrumentations/src/http/server.js +1 -1
  15. package/packages/datadog-instrumentations/src/jest.js +20 -11
  16. package/packages/datadog-instrumentations/src/knex.js +62 -1
  17. package/packages/datadog-instrumentations/src/mocha.js +19 -4
  18. package/packages/datadog-instrumentations/src/mongodb.js +63 -0
  19. package/packages/datadog-instrumentations/src/mongoose.js +140 -1
  20. package/packages/datadog-instrumentations/src/next.js +62 -80
  21. package/packages/datadog-instrumentations/src/pg.js +14 -15
  22. package/packages/datadog-instrumentations/src/playwright.js +26 -5
  23. package/packages/datadog-plugin-cucumber/src/index.js +17 -5
  24. package/packages/datadog-plugin-cypress/src/plugin.js +38 -8
  25. package/packages/datadog-plugin-jest/src/index.js +19 -4
  26. package/packages/datadog-plugin-jest/src/util.js +45 -2
  27. package/packages/datadog-plugin-memcached/src/index.js +10 -5
  28. package/packages/datadog-plugin-mocha/src/index.js +19 -6
  29. package/packages/datadog-plugin-mysql/src/index.js +2 -2
  30. package/packages/datadog-plugin-next/src/index.js +14 -5
  31. package/packages/datadog-plugin-pg/src/index.js +2 -2
  32. package/packages/dd-trace/src/appsec/channels.js +4 -1
  33. package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +1 -0
  34. package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js +166 -0
  35. package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js +21 -1
  36. package/packages/dd-trace/src/appsec/iast/analyzers/unvalidated-redirect-analyzer.js +3 -3
  37. package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js +1 -2
  38. package/packages/dd-trace/src/appsec/iast/iast-plugin.js +4 -0
  39. package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js +25 -12
  40. package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js +4 -4
  41. package/packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks-generator.js +13 -0
  42. package/packages/dd-trace/src/appsec/iast/taint-tracking/source-types.js +2 -1
  43. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/json-sensitive-analyzer.js +16 -0
  44. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js +3 -4
  45. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-regex.js +9 -0
  46. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js +13 -1
  47. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js +169 -0
  48. package/packages/dd-trace/src/appsec/iast/vulnerabilities.js +1 -0
  49. package/packages/dd-trace/src/appsec/index.js +45 -14
  50. package/packages/dd-trace/src/appsec/recommended.json +549 -24
  51. package/packages/dd-trace/src/appsec/remote_config/capabilities.js +2 -1
  52. package/packages/dd-trace/src/appsec/remote_config/index.js +2 -0
  53. package/packages/dd-trace/src/appsec/remote_config/manager.js +11 -3
  54. package/packages/dd-trace/src/appsec/reporter.js +7 -5
  55. package/packages/dd-trace/src/appsec/telemetry.js +2 -2
  56. package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js +18 -5
  57. package/packages/dd-trace/src/appsec/waf/waf_manager.js +5 -4
  58. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-itr-configuration.js +1 -14
  59. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +1 -13
  60. package/packages/dd-trace/src/config.js +8 -0
  61. package/packages/dd-trace/src/datastreams/processor.js +6 -2
  62. package/packages/dd-trace/src/format.js +9 -1
  63. package/packages/dd-trace/src/opentracing/propagation/text_map.js +2 -2
  64. package/packages/dd-trace/src/opentracing/tracer.js +0 -2
  65. package/packages/dd-trace/src/plugin_manager.js +4 -3
  66. package/packages/dd-trace/src/plugins/database.js +14 -4
  67. package/packages/dd-trace/src/plugins/index.js +1 -0
  68. package/packages/dd-trace/src/plugins/outbound.js +4 -3
  69. package/packages/dd-trace/src/plugins/util/ci.js +17 -0
  70. package/packages/dd-trace/src/plugins/util/git.js +26 -4
  71. package/packages/dd-trace/src/plugins/util/test.js +16 -1
  72. package/packages/dd-trace/src/profiling/config.js +36 -5
  73. package/packages/dd-trace/src/profiling/profilers/wall.js +7 -1
  74. package/packages/dd-trace/src/service-naming/extra-services.js +24 -0
  75. package/packages/dd-trace/src/telemetry/index.js +10 -1
  76. package/packages/dd-trace/src/telemetry/metrics.js +0 -5
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.7.2"
4
+ "rules_version": "1.8.0"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -62,6 +62,8 @@
62
62
  "crs_id": "913110",
63
63
  "category": "attack_attempt",
64
64
  "tool_name": "Acunetix",
65
+ "cwe": "200",
66
+ "capec": "1000/118/169",
65
67
  "confidence": "0"
66
68
  },
67
69
  "conditions": [
@@ -94,6 +96,8 @@
94
96
  "type": "security_scanner",
95
97
  "crs_id": "913120",
96
98
  "category": "attack_attempt",
99
+ "cwe": "200",
100
+ "capec": "1000/118/169",
97
101
  "confidence": "1"
98
102
  },
99
103
  "conditions": [
@@ -108,6 +112,12 @@
108
112
  },
109
113
  {
110
114
  "address": "server.request.path_params"
115
+ },
116
+ {
117
+ "address": "grpc.server.request.message"
118
+ },
119
+ {
120
+ "address": "graphql.server.all_resolvers"
111
121
  }
112
122
  ],
113
123
  "list": [
@@ -144,6 +154,8 @@
144
154
  "type": "http_protocol_violation",
145
155
  "crs_id": "920260",
146
156
  "category": "attack_attempt",
157
+ "cwe": "176",
158
+ "capec": "1000/255/153/267/71",
147
159
  "confidence": "0"
148
160
  },
149
161
  "conditions": [
@@ -171,7 +183,9 @@
171
183
  "tags": {
172
184
  "type": "http_protocol_violation",
173
185
  "crs_id": "921110",
174
- "category": "attack_attempt"
186
+ "category": "attack_attempt",
187
+ "cwe": "444",
188
+ "capec": "1000/210/272/220/33"
175
189
  },
176
190
  "conditions": [
177
191
  {
@@ -206,7 +220,9 @@
206
220
  "tags": {
207
221
  "type": "http_protocol_violation",
208
222
  "crs_id": "921160",
209
- "category": "attack_attempt"
223
+ "category": "attack_attempt",
224
+ "cwe": "113",
225
+ "capec": "1000/210/272/220/105"
210
226
  },
211
227
  "conditions": [
212
228
  {
@@ -239,6 +255,8 @@
239
255
  "type": "lfi",
240
256
  "crs_id": "930100",
241
257
  "category": "attack_attempt",
258
+ "cwe": "22",
259
+ "capec": "1000/255/153/126",
242
260
  "confidence": "1"
243
261
  },
244
262
  "conditions": [
@@ -271,6 +289,8 @@
271
289
  "type": "lfi",
272
290
  "crs_id": "930110",
273
291
  "category": "attack_attempt",
292
+ "cwe": "22",
293
+ "capec": "1000/255/153/126",
274
294
  "confidence": "1"
275
295
  },
276
296
  "conditions": [
@@ -304,6 +324,8 @@
304
324
  "type": "lfi",
305
325
  "crs_id": "930120",
306
326
  "category": "attack_attempt",
327
+ "cwe": "22",
328
+ "capec": "1000/255/153/126",
307
329
  "confidence": "1"
308
330
  },
309
331
  "conditions": [
@@ -321,6 +343,9 @@
321
343
  },
322
344
  {
323
345
  "address": "grpc.server.request.message"
346
+ },
347
+ {
348
+ "address": "graphql.server.all_resolvers"
324
349
  }
325
350
  ],
326
351
  "list": [
@@ -1764,6 +1789,8 @@
1764
1789
  "type": "rfi",
1765
1790
  "crs_id": "931110",
1766
1791
  "category": "attack_attempt",
1792
+ "cwe": "98",
1793
+ "capec": "1000/152/175/253/193",
1767
1794
  "confidence": "1"
1768
1795
  },
1769
1796
  "conditions": [
@@ -1790,7 +1817,9 @@
1790
1817
  "tags": {
1791
1818
  "type": "rfi",
1792
1819
  "crs_id": "931120",
1793
- "category": "attack_attempt"
1820
+ "category": "attack_attempt",
1821
+ "cwe": "98",
1822
+ "capec": "1000/152/175/253/193"
1794
1823
  },
1795
1824
  "conditions": [
1796
1825
  {
@@ -1804,6 +1833,12 @@
1804
1833
  },
1805
1834
  {
1806
1835
  "address": "server.request.path_params"
1836
+ },
1837
+ {
1838
+ "address": "grpc.server.request.message"
1839
+ },
1840
+ {
1841
+ "address": "graphql.server.all_resolvers"
1807
1842
  }
1808
1843
  ],
1809
1844
  "regex": "^(?i:file|ftps?)://.*?\\?+$",
@@ -1824,6 +1859,8 @@
1824
1859
  "type": "command_injection",
1825
1860
  "crs_id": "932160",
1826
1861
  "category": "attack_attempt",
1862
+ "cwe": "77",
1863
+ "capec": "1000/152/248/88",
1827
1864
  "confidence": "1"
1828
1865
  },
1829
1866
  "conditions": [
@@ -1841,6 +1878,9 @@
1841
1878
  },
1842
1879
  {
1843
1880
  "address": "grpc.server.request.message"
1881
+ },
1882
+ {
1883
+ "address": "graphql.server.all_resolvers"
1844
1884
  }
1845
1885
  ],
1846
1886
  "list": [
@@ -2326,6 +2366,8 @@
2326
2366
  "type": "command_injection",
2327
2367
  "crs_id": "932171",
2328
2368
  "category": "attack_attempt",
2369
+ "cwe": "77",
2370
+ "capec": "1000/152/248/88",
2329
2371
  "confidence": "1"
2330
2372
  },
2331
2373
  "conditions": [
@@ -2346,6 +2388,9 @@
2346
2388
  },
2347
2389
  {
2348
2390
  "address": "grpc.server.request.message"
2391
+ },
2392
+ {
2393
+ "address": "graphql.server.all_resolvers"
2349
2394
  }
2350
2395
  ],
2351
2396
  "regex": "^\\(\\s*\\)\\s+{",
@@ -2366,6 +2411,8 @@
2366
2411
  "type": "command_injection",
2367
2412
  "crs_id": "932180",
2368
2413
  "category": "attack_attempt",
2414
+ "cwe": "706",
2415
+ "capec": "1000/225/122/17/177",
2369
2416
  "confidence": "1"
2370
2417
  },
2371
2418
  "conditions": [
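Review bot: The new `"cwe": "706"` and `"capec": "1000/225/122/17/177"` on rule 932180 describe a name/reference-resolution weakness on the malicious-file branch of CAPEC, while the rule's `"type"` stays `"command_injection"`, so triage that groups by `type` and triage that groups by `cwe` will classify the same event differently. Rule 933111 uses `"type": "unrestricted_file_upload"` with the same `1000/225/122/17/…` prefix, which suggests 932180 belongs with it. Either align the `type` with the new tags, or confirm whether `"cwe": "77"` with `"capec": "1000/152/248/88"` (as on 932160 and 932171) was intended here. The rule's conditions lie outside this hunk, so the visible lines cannot settle which of the two is right.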
@@ -2425,6 +2472,8 @@
2425
2472
  "type": "unrestricted_file_upload",
2426
2473
  "crs_id": "933111",
2427
2474
  "category": "attack_attempt",
2475
+ "cwe": "434",
2476
+ "capec": "1000/225/122/17/650",
2428
2477
  "confidence": "1"
2429
2478
  },
2430
2479
  "conditions": [
@@ -2476,6 +2525,8 @@
2476
2525
  "type": "php_code_injection",
2477
2526
  "crs_id": "933130",
2478
2527
  "category": "attack_attempt",
2528
+ "cwe": "94",
2529
+ "capec": "1000/225/122/17/650",
2479
2530
  "confidence": "1"
2480
2531
  },
2481
2532
  "conditions": [
@@ -2493,6 +2544,9 @@
2493
2544
  },
2494
2545
  {
2495
2546
  "address": "grpc.server.request.message"
2547
+ },
2548
+ {
2549
+ "address": "graphql.server.all_resolvers"
2496
2550
  }
2497
2551
  ],
2498
2552
  "list": [
@@ -2532,7 +2586,9 @@
2532
2586
  "tags": {
2533
2587
  "type": "php_code_injection",
2534
2588
  "crs_id": "933131",
2535
- "category": "attack_attempt"
2589
+ "category": "attack_attempt",
2590
+ "cwe": "94",
2591
+ "capec": "1000/225/122/17/650"
2536
2592
  },
2537
2593
  "conditions": [
2538
2594
  {
@@ -2549,6 +2605,9 @@
2549
2605
  },
2550
2606
  {
2551
2607
  "address": "grpc.server.request.message"
2608
+ },
2609
+ {
2610
+ "address": "graphql.server.all_resolvers"
2552
2611
  }
2553
2612
  ],
2554
2613
  "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
@@ -2569,6 +2628,8 @@
2569
2628
  "type": "php_code_injection",
2570
2629
  "crs_id": "933140",
2571
2630
  "category": "attack_attempt",
2631
+ "cwe": "94",
2632
+ "capec": "1000/225/122/17/650",
2572
2633
  "confidence": "1"
2573
2634
  },
2574
2635
  "conditions": [
@@ -2586,6 +2647,9 @@
2586
2647
  },
2587
2648
  {
2588
2649
  "address": "grpc.server.request.message"
2650
+ },
2651
+ {
2652
+ "address": "graphql.server.all_resolvers"
2589
2653
  }
2590
2654
  ],
2591
2655
  "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
@@ -2605,6 +2669,8 @@
2605
2669
  "type": "php_code_injection",
2606
2670
  "crs_id": "933150",
2607
2671
  "category": "attack_attempt",
2672
+ "cwe": "94",
2673
+ "capec": "1000/225/122/17/650",
2608
2674
  "confidence": "1"
2609
2675
  },
2610
2676
  "conditions": [
@@ -2622,6 +2688,9 @@
2622
2688
  },
2623
2689
  {
2624
2690
  "address": "grpc.server.request.message"
2691
+ },
2692
+ {
2693
+ "address": "graphql.server.all_resolvers"
2625
2694
  }
2626
2695
  ],
2627
2696
  "list": [
@@ -2684,7 +2753,9 @@
2684
2753
  "tags": {
2685
2754
  "type": "php_code_injection",
2686
2755
  "crs_id": "933160",
2687
- "category": "attack_attempt"
2756
+ "category": "attack_attempt",
2757
+ "cwe": "94",
2758
+ "capec": "1000/225/122/17/650"
2688
2759
  },
2689
2760
  "conditions": [
2690
2761
  {
@@ -2701,6 +2772,9 @@
2701
2772
  },
2702
2773
  {
2703
2774
  "address": "grpc.server.request.message"
2775
+ },
2776
+ {
2777
+ "address": "graphql.server.all_resolvers"
2704
2778
  }
2705
2779
  ],
2706
2780
  "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imaget
ype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
@@ -2721,6 +2795,8 @@
2721
2795
  "type": "php_code_injection",
2722
2796
  "crs_id": "933170",
2723
2797
  "category": "attack_attempt",
2798
+ "cwe": "502",
2799
+ "capec": "1000/152/586",
2724
2800
  "confidence": "1"
2725
2801
  },
2726
2802
  "conditions": [
@@ -2741,6 +2817,9 @@
2741
2817
  },
2742
2818
  {
2743
2819
  "address": "grpc.server.request.message"
2820
+ },
2821
+ {
2822
+ "address": "graphql.server.all_resolvers"
2744
2823
  }
2745
2824
  ],
2746
2825
  "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
@@ -2760,7 +2839,9 @@
2760
2839
  "tags": {
2761
2840
  "type": "php_code_injection",
2762
2841
  "crs_id": "933200",
2763
- "category": "attack_attempt"
2842
+ "category": "attack_attempt",
2843
+ "cwe": "502",
2844
+ "capec": "1000/152/586"
2764
2845
  },
2765
2846
  "conditions": [
2766
2847
  {
@@ -2777,6 +2858,9 @@
2777
2858
  },
2778
2859
  {
2779
2860
  "address": "grpc.server.request.message"
2861
+ },
2862
+ {
2863
+ "address": "graphql.server.all_resolvers"
2780
2864
  }
2781
2865
  ],
2782
2866
  "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
@@ -2798,7 +2882,9 @@
2798
2882
  "tags": {
2799
2883
  "type": "js_code_injection",
2800
2884
  "crs_id": "934100",
2801
- "category": "attack_attempt"
2885
+ "category": "attack_attempt",
2886
+ "cwe": "94",
2887
+ "capec": "1000/152/242"
2802
2888
  },
2803
2889
  "conditions": [
2804
2890
  {
@@ -2815,6 +2901,9 @@
2815
2901
  },
2816
2902
  {
2817
2903
  "address": "grpc.server.request.message"
2904
+ },
2905
+ {
2906
+ "address": "graphql.server.all_resolvers"
2818
2907
  }
2819
2908
  ],
2820
2909
  "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
@@ -2835,7 +2924,9 @@
2835
2924
  "type": "js_code_injection",
2836
2925
  "crs_id": "934101",
2837
2926
  "category": "attack_attempt",
2838
- "confidence": "1"
2927
+ "confidence": "1",
2928
+ "cwe": "94",
2929
+ "capec": "1000/152/242"
2839
2930
  },
2840
2931
  "conditions": [
2841
2932
  {
@@ -2852,6 +2943,9 @@
2852
2943
  },
2853
2944
  {
2854
2945
  "address": "grpc.server.request.message"
2946
+ },
2947
+ {
2948
+ "address": "graphql.server.all_resolvers"
2855
2949
  }
2856
2950
  ],
2857
2951
  "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
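Review bot: Adding `graphql.server.all_resolvers` to rule 934101 exposes free-text resolver arguments to `\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(`, which matches ordinary words such as `read (` or `close(`, and the tags hunk just above keeps `"confidence": "1"` for this rule. GraphQL string arguments (comments, descriptions, search text) are likely to raise its false-positive rate, so the rule should be observed against representative GraphQL traffic before any blocking action depends on it. If the noise is confirmed, the high-confidence tag is the value to revisit. The same concern applies to 941390 (hunk `@@ -3551,6 +3730,9 @@`), whose pattern fires on `alert` or `prompt` followed by `(`. The rule's remaining inputs and operator options are outside this hunk.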
@@ -2872,6 +2966,8 @@
2872
2966
  "type": "xss",
2873
2967
  "crs_id": "941110",
2874
2968
  "category": "attack_attempt",
2969
+ "cwe": "80",
2970
+ "capec": "1000/152/242/63/591",
2875
2971
  "confidence": "1"
2876
2972
  },
2877
2973
  "conditions": [
@@ -2901,6 +2997,9 @@
2901
2997
  },
2902
2998
  {
2903
2999
  "address": "grpc.server.request.message"
3000
+ },
3001
+ {
3002
+ "address": "graphql.server.all_resolvers"
2904
3003
  }
2905
3004
  ],
2906
3005
  "regex": "<script[^>]*>[\\s\\S]*?",
@@ -2923,6 +3022,8 @@
2923
3022
  "type": "xss",
2924
3023
  "crs_id": "941120",
2925
3024
  "category": "attack_attempt",
3025
+ "cwe": "83",
3026
+ "capec": "1000/152/242/63/591/243",
2926
3027
  "confidence": "1"
2927
3028
  },
2928
3029
  "conditions": [
@@ -2952,6 +3053,9 @@
2952
3053
  },
2953
3054
  {
2954
3055
  "address": "grpc.server.request.message"
3056
+ },
3057
+ {
3058
+ "address": "graphql.server.all_resolvers"
2955
3059
  }
2956
3060
  ],
2957
3061
  "regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
@@ -2974,6 +3078,8 @@
2974
3078
  "type": "xss",
2975
3079
  "crs_id": "941140",
2976
3080
  "category": "attack_attempt",
3081
+ "cwe": "84",
3082
+ "capec": "1000/152/242/63/591/244",
2977
3083
  "confidence": "1"
2978
3084
  },
2979
3085
  "conditions": [
@@ -3003,6 +3109,9 @@
3003
3109
  },
3004
3110
  {
3005
3111
  "address": "grpc.server.request.message"
3112
+ },
3113
+ {
3114
+ "address": "graphql.server.all_resolvers"
3006
3115
  }
3007
3116
  ],
3008
3117
  "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
@@ -3025,6 +3134,8 @@
3025
3134
  "type": "xss",
3026
3135
  "crs_id": "941170",
3027
3136
  "category": "attack_attempt",
3137
+ "cwe": "83",
3138
+ "capec": "1000/152/242/63/591/243",
3028
3139
  "confidence": "1"
3029
3140
  },
3030
3141
  "conditions": [
@@ -3051,6 +3162,12 @@
3051
3162
  },
3052
3163
  {
3053
3164
  "address": "server.request.path_params"
3165
+ },
3166
+ {
3167
+ "address": "grpc.server.request.message"
3168
+ },
3169
+ {
3170
+ "address": "graphql.server.all_resolvers"
3054
3171
  }
3055
3172
  ],
3056
3173
  "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
@@ -3072,7 +3189,9 @@
3072
3189
  "tags": {
3073
3190
  "type": "xss",
3074
3191
  "crs_id": "941180",
3075
- "category": "attack_attempt"
3192
+ "category": "attack_attempt",
3193
+ "cwe": "79",
3194
+ "capec": "1000/152/242/63/591"
3076
3195
  },
3077
3196
  "conditions": [
3078
3197
  {
@@ -3089,6 +3208,9 @@
3089
3208
  },
3090
3209
  {
3091
3210
  "address": "grpc.server.request.message"
3211
+ },
3212
+ {
3213
+ "address": "graphql.server.all_resolvers"
3092
3214
  }
3093
3215
  ],
3094
3216
  "list": [
@@ -3115,6 +3237,8 @@
3115
3237
  "type": "xss",
3116
3238
  "crs_id": "941200",
3117
3239
  "category": "attack_attempt",
3240
+ "cwe": "80",
3241
+ "capec": "1000/152/242/63/591",
3118
3242
  "confidence": "1"
3119
3243
  },
3120
3244
  "conditions": [
@@ -3132,6 +3256,9 @@
3132
3256
  },
3133
3257
  {
3134
3258
  "address": "grpc.server.request.message"
3259
+ },
3260
+ {
3261
+ "address": "graphql.server.all_resolvers"
3135
3262
  }
3136
3263
  ],
3137
3264
  "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
@@ -3154,6 +3281,8 @@
3154
3281
  "type": "xss",
3155
3282
  "crs_id": "941210",
3156
3283
  "category": "attack_attempt",
3284
+ "cwe": "80",
3285
+ "capec": "1000/152/242/63/591",
3157
3286
  "confidence": "1"
3158
3287
  },
3159
3288
  "conditions": [
@@ -3171,6 +3300,9 @@
3171
3300
  },
3172
3301
  {
3173
3302
  "address": "grpc.server.request.message"
3303
+ },
3304
+ {
3305
+ "address": "graphql.server.all_resolvers"
3174
3306
  }
3175
3307
  ],
3176
3308
  "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3193,6 +3325,8 @@
3193
3325
  "type": "xss",
3194
3326
  "crs_id": "941220",
3195
3327
  "category": "attack_attempt",
3328
+ "cwe": "80",
3329
+ "capec": "1000/152/242/63/591",
3196
3330
  "confidence": "1"
3197
3331
  },
3198
3332
  "conditions": [
@@ -3210,6 +3344,9 @@
3210
3344
  },
3211
3345
  {
3212
3346
  "address": "grpc.server.request.message"
3347
+ },
3348
+ {
3349
+ "address": "graphql.server.all_resolvers"
3213
3350
  }
3214
3351
  ],
3215
3352
  "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3232,6 +3369,8 @@
3232
3369
  "type": "xss",
3233
3370
  "crs_id": "941230",
3234
3371
  "category": "attack_attempt",
3372
+ "cwe": "83",
3373
+ "capec": "1000/152/242/63/591/243",
3235
3374
  "confidence": "1"
3236
3375
  },
3237
3376
  "conditions": [
@@ -3249,6 +3388,9 @@
3249
3388
  },
3250
3389
  {
3251
3390
  "address": "grpc.server.request.message"
3391
+ },
3392
+ {
3393
+ "address": "graphql.server.all_resolvers"
3252
3394
  }
3253
3395
  ],
3254
3396
  "regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
@@ -3270,6 +3412,8 @@
3270
3412
  "type": "xss",
3271
3413
  "crs_id": "941240",
3272
3414
  "category": "attack_attempt",
3415
+ "cwe": "83",
3416
+ "capec": "1000/152/242/63/591/243",
3273
3417
  "confidence": "1"
3274
3418
  },
3275
3419
  "conditions": [
@@ -3287,6 +3431,9 @@
3287
3431
  },
3288
3432
  {
3289
3433
  "address": "grpc.server.request.message"
3434
+ },
3435
+ {
3436
+ "address": "graphql.server.all_resolvers"
3290
3437
  }
3291
3438
  ],
3292
3439
  "regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
@@ -3309,7 +3456,9 @@
3309
3456
  "tags": {
3310
3457
  "type": "xss",
3311
3458
  "crs_id": "941270",
3312
- "category": "attack_attempt"
3459
+ "category": "attack_attempt",
3460
+ "cwe": "83",
3461
+ "capec": "1000/152/242/63/591/243"
3313
3462
  },
3314
3463
  "conditions": [
3315
3464
  {
@@ -3326,6 +3475,9 @@
3326
3475
  },
3327
3476
  {
3328
3477
  "address": "grpc.server.request.message"
3478
+ },
3479
+ {
3480
+ "address": "graphql.server.all_resolvers"
3329
3481
  }
3330
3482
  ],
3331
3483
  "regex": "<LINK[\\s/+].*?href[\\s/+]*=",
@@ -3347,6 +3499,8 @@
3347
3499
  "type": "xss",
3348
3500
  "crs_id": "941280",
3349
3501
  "category": "attack_attempt",
3502
+ "cwe": "83",
3503
+ "capec": "1000/152/242/63/591/243",
3350
3504
  "confidence": "1"
3351
3505
  },
3352
3506
  "conditions": [
@@ -3364,6 +3518,9 @@
3364
3518
  },
3365
3519
  {
3366
3520
  "address": "grpc.server.request.message"
3521
+ },
3522
+ {
3523
+ "address": "graphql.server.all_resolvers"
3367
3524
  }
3368
3525
  ],
3369
3526
  "regex": "<BASE[\\s/+].*?href[\\s/+]*=",
@@ -3385,6 +3542,8 @@
3385
3542
  "type": "xss",
3386
3543
  "crs_id": "941290",
3387
3544
  "category": "attack_attempt",
3545
+ "cwe": "83",
3546
+ "capec": "1000/152/242/63/591/243",
3388
3547
  "confidence": "1"
3389
3548
  },
3390
3549
  "conditions": [
@@ -3402,6 +3561,9 @@
3402
3561
  },
3403
3562
  {
3404
3563
  "address": "grpc.server.request.message"
3564
+ },
3565
+ {
3566
+ "address": "graphql.server.all_resolvers"
3405
3567
  }
3406
3568
  ],
3407
3569
  "regex": "<APPLET[\\s/+>]",
@@ -3423,6 +3585,8 @@
3423
3585
  "type": "xss",
3424
3586
  "crs_id": "941300",
3425
3587
  "category": "attack_attempt",
3588
+ "cwe": "83",
3589
+ "capec": "1000/152/242/63/591/243",
3426
3590
  "confidence": "1"
3427
3591
  },
3428
3592
  "conditions": [
@@ -3440,6 +3604,9 @@
3440
3604
  },
3441
3605
  {
3442
3606
  "address": "grpc.server.request.message"
3607
+ },
3608
+ {
3609
+ "address": "graphql.server.all_resolvers"
3443
3610
  }
3444
3611
  ],
3445
3612
  "regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
@@ -3461,6 +3628,8 @@
3461
3628
  "type": "xss",
3462
3629
  "crs_id": "941350",
3463
3630
  "category": "attack_attempt",
3631
+ "cwe": "87",
3632
+ "capec": "1000/152/242/63/591/199",
3464
3633
  "confidence": "1"
3465
3634
  },
3466
3635
  "conditions": [
@@ -3478,6 +3647,9 @@
3478
3647
  },
3479
3648
  {
3480
3649
  "address": "grpc.server.request.message"
3650
+ },
3651
+ {
3652
+ "address": "graphql.server.all_resolvers"
3481
3653
  }
3482
3654
  ],
3483
3655
  "regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
@@ -3497,7 +3669,9 @@
3497
3669
  "tags": {
3498
3670
  "type": "xss",
3499
3671
  "crs_id": "941360",
3500
- "category": "attack_attempt"
3672
+ "category": "attack_attempt",
3673
+ "cwe": "87",
3674
+ "capec": "1000/152/242/63/591/199"
3501
3675
  },
3502
3676
  "conditions": [
3503
3677
  {
@@ -3514,6 +3688,9 @@
3514
3688
  },
3515
3689
  {
3516
3690
  "address": "grpc.server.request.message"
3691
+ },
3692
+ {
3693
+ "address": "graphql.server.all_resolvers"
3517
3694
  }
3518
3695
  ],
3519
3696
  "regex": "![!+ ]\\[\\]",
@@ -3534,7 +3711,9 @@
3534
3711
  "type": "xss",
3535
3712
  "crs_id": "941390",
3536
3713
  "category": "attack_attempt",
3537
- "confidence": "1"
3714
+ "confidence": "1",
3715
+ "cwe": "79",
3716
+ "capec": "1000/152/242/63/591"
3538
3717
  },
3539
3718
  "conditions": [
3540
3719
  {
@@ -3551,6 +3730,9 @@
3551
3730
  },
3552
3731
  {
3553
3732
  "address": "grpc.server.request.message"
3733
+ },
3734
+ {
3735
+ "address": "graphql.server.all_resolvers"
3554
3736
  }
3555
3737
  ],
3556
3738
  "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
@@ -3570,7 +3752,9 @@
3570
3752
  "tags": {
3571
3753
  "type": "sql_injection",
3572
3754
  "crs_id": "942100",
3573
- "category": "attack_attempt"
3755
+ "category": "attack_attempt",
3756
+ "cwe": "89",
3757
+ "capec": "1000/152/248/66"
3574
3758
  },
3575
3759
  "conditions": [
3576
3760
  {
@@ -3587,6 +3771,9 @@
3587
3771
  },
3588
3772
  {
3589
3773
  "address": "grpc.server.request.message"
3774
+ },
3775
+ {
3776
+ "address": "graphql.server.all_resolvers"
3590
3777
  }
3591
3778
  ]
3592
3779
  },
@@ -3604,6 +3791,8 @@
3604
3791
  "type": "sql_injection",
3605
3792
  "crs_id": "942160",
3606
3793
  "category": "attack_attempt",
3794
+ "cwe": "89",
3795
+ "capec": "1000/152/248/66/7",
3607
3796
  "confidence": "1"
3608
3797
  },
3609
3798
  "conditions": [
@@ -3621,6 +3810,9 @@
3621
3810
  },
3622
3811
  {
3623
3812
  "address": "grpc.server.request.message"
3813
+ },
3814
+ {
3815
+ "address": "graphql.server.all_resolvers"
3624
3816
  }
3625
3817
  ],
3626
3818
  "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
@@ -3641,6 +3833,8 @@
3641
3833
  "type": "sql_injection",
3642
3834
  "crs_id": "942240",
3643
3835
  "category": "attack_attempt",
3836
+ "cwe": "89",
3837
+ "capec": "1000/152/248/66/7",
3644
3838
  "confidence": "1"
3645
3839
  },
3646
3840
  "conditions": [
@@ -3658,6 +3852,9 @@
3658
3852
  },
3659
3853
  {
3660
3854
  "address": "grpc.server.request.message"
3855
+ },
3856
+ {
3857
+ "address": "graphql.server.all_resolvers"
3661
3858
  }
3662
3859
  ],
3663
3860
  "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
@@ -3676,7 +3873,9 @@
3676
3873
  "tags": {
3677
3874
  "type": "sql_injection",
3678
3875
  "crs_id": "942250",
3679
- "category": "attack_attempt"
3876
+ "category": "attack_attempt",
3877
+ "cwe": "89",
3878
+ "capec": "1000/152/248/66"
3680
3879
  },
3681
3880
  "conditions": [
3682
3881
  {
@@ -3693,6 +3892,9 @@
3693
3892
  },
3694
3893
  {
3695
3894
  "address": "grpc.server.request.message"
3895
+ },
3896
+ {
3897
+ "address": "graphql.server.all_resolvers"
3696
3898
  }
3697
3899
  ],
3698
3900
  "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
@@ -3712,7 +3914,9 @@
3712
3914
  "tags": {
3713
3915
  "type": "sql_injection",
3714
3916
  "crs_id": "942270",
3715
- "category": "attack_attempt"
3917
+ "category": "attack_attempt",
3918
+ "cwe": "89",
3919
+ "capec": "1000/152/248/66"
3716
3920
  },
3717
3921
  "conditions": [
3718
3922
  {
@@ -3729,6 +3933,9 @@
3729
3933
  },
3730
3934
  {
3731
3935
  "address": "grpc.server.request.message"
3936
+ },
3937
+ {
3938
+ "address": "graphql.server.all_resolvers"
3732
3939
  }
3733
3940
  ],
3734
3941
  "regex": "union.*?select.*?from",
@@ -3748,6 +3955,8 @@
3748
3955
  "type": "sql_injection",
3749
3956
  "crs_id": "942280",
3750
3957
  "category": "attack_attempt",
3958
+ "cwe": "89",
3959
+ "capec": "1000/152/248/66/7",
3751
3960
  "confidence": "1"
3752
3961
  },
3753
3962
  "conditions": [
@@ -3765,6 +3974,9 @@
3765
3974
  },
3766
3975
  {
3767
3976
  "address": "grpc.server.request.message"
3977
+ },
3978
+ {
3979
+ "address": "graphql.server.all_resolvers"
3768
3980
  }
3769
3981
  ],
3770
3982
  "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
@@ -3783,7 +3995,9 @@
3783
3995
  "tags": {
3784
3996
  "type": "nosql_injection",
3785
3997
  "crs_id": "942290",
3786
- "category": "attack_attempt"
3998
+ "category": "attack_attempt",
3999
+ "cwe": "943",
4000
+ "capec": "1000/152/248/676"
3787
4001
  },
3788
4002
  "conditions": [
3789
4003
  {
@@ -3800,6 +4014,9 @@
3800
4014
  },
3801
4015
  {
3802
4016
  "address": "grpc.server.request.message"
4017
+ },
4018
+ {
4019
+ "address": "graphql.server.all_resolvers"
3803
4020
  }
3804
4021
  ],
3805
4022
  "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
@@ -3821,7 +4038,9 @@
3821
4038
  "tags": {
3822
4039
  "type": "sql_injection",
3823
4040
  "crs_id": "942360",
3824
- "category": "attack_attempt"
4041
+ "category": "attack_attempt",
4042
+ "cwe": "89",
4043
+ "capec": "1000/152/248/66/470"
3825
4044
  },
3826
4045
  "conditions": [
3827
4046
  {
@@ -3838,6 +4057,9 @@
3838
4057
  },
3839
4058
  {
3840
4059
  "address": "grpc.server.request.message"
4060
+ },
4061
+ {
4062
+ "address": "graphql.server.all_resolvers"
3841
4063
  }
3842
4064
  ],
3843
4065
  "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
@@ -3856,7 +4078,9 @@
3856
4078
  "tags": {
3857
4079
  "type": "sql_injection",
3858
4080
  "crs_id": "942500",
3859
- "category": "attack_attempt"
4081
+ "category": "attack_attempt",
4082
+ "cwe": "89",
4083
+ "capec": "1000/152/248/66"
3860
4084
  },
3861
4085
  "conditions": [
3862
4086
  {
@@ -3873,6 +4097,9 @@
3873
4097
  },
3874
4098
  {
3875
4099
  "address": "grpc.server.request.message"
4100
+ },
4101
+ {
4102
+ "address": "graphql.server.all_resolvers"
3876
4103
  }
3877
4104
  ],
3878
4105
  "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
@@ -3893,6 +4120,8 @@
3893
4120
  "type": "http_protocol_violation",
3894
4121
  "crs_id": "943100",
3895
4122
  "category": "attack_attempt",
4123
+ "cwe": "384",
4124
+ "capec": "1000/225/21/593/61",
3896
4125
  "confidence": "1"
3897
4126
  },
3898
4127
  "conditions": [
@@ -3907,6 +4136,12 @@
3907
4136
  },
3908
4137
  {
3909
4138
  "address": "server.request.path_params"
4139
+ },
4140
+ {
4141
+ "address": "grpc.server.request.message"
4142
+ },
4143
+ {
4144
+ "address": "graphql.server.all_resolvers"
3910
4145
  }
3911
4146
  ],
3912
4147
  "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
@@ -3927,6 +4162,8 @@
3927
4162
  "type": "java_code_injection",
3928
4163
  "crs_id": "944100",
3929
4164
  "category": "attack_attempt",
4165
+ "cwe": "94",
4166
+ "capec": "1000/152/242",
3930
4167
  "confidence": "1"
3931
4168
  },
3932
4169
  "conditions": [
@@ -3947,6 +4184,9 @@
3947
4184
  },
3948
4185
  {
3949
4186
  "address": "grpc.server.request.message"
4187
+ },
4188
+ {
4189
+ "address": "graphql.server.all_resolvers"
3950
4190
  }
3951
4191
  ],
3952
4192
  "regex": "java\\.lang\\.(?:runtime|processbuilder)",
@@ -3968,7 +4208,9 @@
3968
4208
  "tags": {
3969
4209
  "type": "java_code_injection",
3970
4210
  "crs_id": "944110",
3971
- "category": "attack_attempt"
4211
+ "category": "attack_attempt",
4212
+ "cwe": "94",
4213
+ "capec": "1000/152/242"
3972
4214
  },
3973
4215
  "conditions": [
3974
4216
  {
@@ -3988,6 +4230,9 @@
3988
4230
  },
3989
4231
  {
3990
4232
  "address": "grpc.server.request.message"
4233
+ },
4234
+ {
4235
+ "address": "graphql.server.all_resolvers"
3991
4236
  }
3992
4237
  ],
3993
4238
  "regex": "(?:runtime|processbuilder)",
@@ -4015,6 +4260,9 @@
4015
4260
  },
4016
4261
  {
4017
4262
  "address": "grpc.server.request.message"
4263
+ },
4264
+ {
4265
+ "address": "graphql.server.all_resolvers"
4018
4266
  }
4019
4267
  ],
4020
4268
  "regex": "(?:unmarshaller|base64data|java\\.)",
@@ -4036,7 +4284,9 @@
4036
4284
  "tags": {
4037
4285
  "type": "java_code_injection",
4038
4286
  "crs_id": "944130",
4039
- "category": "attack_attempt"
4287
+ "category": "attack_attempt",
4288
+ "cwe": "94",
4289
+ "capec": "1000/152/242"
4040
4290
  },
4041
4291
  "conditions": [
4042
4292
  {
@@ -4056,6 +4306,9 @@
4056
4306
  },
4057
4307
  {
4058
4308
  "address": "grpc.server.request.message"
4309
+ },
4310
+ {
4311
+ "address": "graphql.server.all_resolvers"
4059
4312
  }
4060
4313
  ],
4061
4314
  "list": [
@@ -4116,6 +4369,8 @@
4116
4369
  "type": "java_code_injection",
4117
4370
  "crs_id": "944260",
4118
4371
  "category": "attack_attempt",
4372
+ "cwe": "94",
4373
+ "capec": "1000/152/242",
4119
4374
  "confidence": "1"
4120
4375
  },
4121
4376
  "conditions": [
@@ -4136,6 +4391,9 @@
4136
4391
  },
4137
4392
  {
4138
4393
  "address": "grpc.server.request.message"
4394
+ },
4395
+ {
4396
+ "address": "graphql.server.all_resolvers"
4139
4397
  }
4140
4398
  ],
4141
4399
  "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
@@ -4154,7 +4412,9 @@
4154
4412
  "name": "Look for Cassandra injections",
4155
4413
  "tags": {
4156
4414
  "type": "nosql_injection",
4157
- "category": "attack_attempt"
4415
+ "category": "attack_attempt",
4416
+ "cwe": "943",
4417
+ "capec": "1000/152/248/676"
4158
4418
  },
4159
4419
  "conditions": [
4160
4420
  {
@@ -4169,6 +4429,12 @@
4169
4429
  {
4170
4430
  "address": "server.request.path_params"
4171
4431
  },
4432
+ {
4433
+ "address": "grpc.server.request.message"
4434
+ },
4435
+ {
4436
+ "address": "graphql.server.all_resolvers"
4437
+ },
4172
4438
  {
4173
4439
  "address": "server.request.headers.no_cookies"
4174
4440
  }
@@ -4187,7 +4453,9 @@
4187
4453
  "name": "OGNL - Look for formatting injection patterns",
4188
4454
  "tags": {
4189
4455
  "type": "java_code_injection",
4190
- "category": "attack_attempt"
4456
+ "category": "attack_attempt",
4457
+ "cwe": "94",
4458
+ "capec": "1000/152/242"
4191
4459
  },
4192
4460
  "conditions": [
4193
4461
  {
@@ -4208,6 +4476,9 @@
4208
4476
  },
4209
4477
  {
4210
4478
  "address": "grpc.server.request.message"
4479
+ },
4480
+ {
4481
+ "address": "graphql.server.all_resolvers"
4211
4482
  }
4212
4483
  ],
4213
4484
  "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
@@ -4225,6 +4496,8 @@
4225
4496
  "tags": {
4226
4497
  "type": "java_code_injection",
4227
4498
  "category": "attack_attempt",
4499
+ "cwe": "94",
4500
+ "capec": "1000/152/242",
4228
4501
  "confidence": "1"
4229
4502
  },
4230
4503
  "conditions": [
@@ -4246,6 +4519,9 @@
4246
4519
  },
4247
4520
  {
4248
4521
  "address": "grpc.server.request.message"
4522
+ },
4523
+ {
4524
+ "address": "graphql.server.all_resolvers"
4249
4525
  }
4250
4526
  ],
4251
4527
  "regex": "[@#]ognl",
@@ -4263,6 +4539,8 @@
4263
4539
  "tags": {
4264
4540
  "type": "exploit_detection",
4265
4541
  "category": "attack_attempt",
4542
+ "cwe": "94",
4543
+ "capec": "1000/152/242",
4266
4544
  "confidence": "1"
4267
4545
  },
4268
4546
  "conditions": [
@@ -4291,6 +4569,8 @@
4291
4569
  "tags": {
4292
4570
  "type": "js_code_injection",
4293
4571
  "category": "attack_attempt",
4572
+ "cwe": "1321",
4573
+ "capec": "1000/152/242",
4294
4574
  "confidence": "1"
4295
4575
  },
4296
4576
  "conditions": [
@@ -4319,6 +4599,8 @@
4319
4599
  "tags": {
4320
4600
  "type": "js_code_injection",
4321
4601
  "category": "attack_attempt",
4602
+ "cwe": "1321",
4603
+ "capec": "1000/152/242",
4322
4604
  "confidence": "1"
4323
4605
  },
4324
4606
  "conditions": [
@@ -4361,6 +4643,8 @@
4361
4643
  "tags": {
4362
4644
  "type": "java_code_injection",
4363
4645
  "category": "attack_attempt",
4646
+ "cwe": "1336",
4647
+ "capec": "1000/152/242/19",
4364
4648
  "confidence": "1"
4365
4649
  },
4366
4650
  "conditions": [
@@ -4381,6 +4665,9 @@
4381
4665
  },
4382
4666
  {
4383
4667
  "address": "grpc.server.request.message"
4668
+ },
4669
+ {
4670
+ "address": "graphql.server.all_resolvers"
4384
4671
  }
4385
4672
  ],
4386
4673
  "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
@@ -4397,6 +4684,8 @@
4397
4684
  "type": "attack_tool",
4398
4685
  "category": "attack_attempt",
4399
4686
  "tool_name": "BurpCollaborator",
4687
+ "cwe": "200",
4688
+ "capec": "1000/118/169",
4400
4689
  "confidence": "1"
4401
4690
  },
4402
4691
  "conditions": [
@@ -4417,6 +4706,9 @@
4417
4706
  },
4418
4707
  {
4419
4708
  "address": "grpc.server.request.message"
4709
+ },
4710
+ {
4711
+ "address": "graphql.server.all_resolvers"
4420
4712
  }
4421
4713
  ],
4422
4714
  "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
@@ -4433,6 +4725,8 @@
4433
4725
  "type": "commercial_scanner",
4434
4726
  "category": "attack_attempt",
4435
4727
  "tool_name": "Qualys",
4728
+ "cwe": "200",
4729
+ "capec": "1000/118/169",
4436
4730
  "confidence": "0"
4437
4731
  },
4438
4732
  "conditions": [
@@ -4453,6 +4747,9 @@
4453
4747
  },
4454
4748
  {
4455
4749
  "address": "grpc.server.request.message"
4750
+ },
4751
+ {
4752
+ "address": "graphql.server.all_resolvers"
4456
4753
  }
4457
4754
  ],
4458
4755
  "regex": "\\bqualysperiscope\\.com\\b"
@@ -4469,6 +4766,8 @@
4469
4766
  "type": "commercial_scanner",
4470
4767
  "category": "attack_attempt",
4471
4768
  "tool_name": "Probely",
4769
+ "cwe": "200",
4770
+ "capec": "1000/118/169",
4472
4771
  "confidence": "0"
4473
4772
  },
4474
4773
  "conditions": [
@@ -4489,6 +4788,9 @@
4489
4788
  },
4490
4789
  {
4491
4790
  "address": "grpc.server.request.message"
4791
+ },
4792
+ {
4793
+ "address": "graphql.server.all_resolvers"
4492
4794
  }
4493
4795
  ],
4494
4796
  "regex": "\\bprbly\\.win\\b"
@@ -4504,6 +4806,8 @@
4504
4806
  "tags": {
4505
4807
  "type": "security_scanner",
4506
4808
  "category": "attack_attempt",
4809
+ "cwe": "200",
4810
+ "capec": "1000/118/169",
4507
4811
  "confidence": "1"
4508
4812
  },
4509
4813
  "conditions": [
@@ -4524,6 +4828,9 @@
4524
4828
  },
4525
4829
  {
4526
4830
  "address": "grpc.server.request.message"
4831
+ },
4832
+ {
4833
+ "address": "graphql.server.all_resolvers"
4527
4834
  }
4528
4835
  ],
4529
4836
  "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
@@ -4539,6 +4846,8 @@
4539
4846
  "tags": {
4540
4847
  "type": "security_scanner",
4541
4848
  "category": "attack_attempt",
4849
+ "cwe": "200",
4850
+ "capec": "1000/118/169",
4542
4851
  "confidence": "0"
4543
4852
  },
4544
4853
  "conditions": [
@@ -4559,6 +4868,9 @@
4559
4868
  },
4560
4869
  {
4561
4870
  "address": "grpc.server.request.message"
4871
+ },
4872
+ {
4873
+ "address": "graphql.server.all_resolvers"
4562
4874
  }
4563
4875
  ],
4564
4876
  "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
@@ -4575,6 +4887,8 @@
4575
4887
  "type": "commercial_scanner",
4576
4888
  "category": "attack_attempt",
4577
4889
  "tool_name": "Rapid7",
4890
+ "cwe": "200",
4891
+ "capec": "1000/118/169",
4578
4892
  "confidence": "0"
4579
4893
  },
4580
4894
  "conditions": [
@@ -4595,6 +4909,9 @@
4595
4909
  },
4596
4910
  {
4597
4911
  "address": "grpc.server.request.message"
4912
+ },
4913
+ {
4914
+ "address": "graphql.server.all_resolvers"
4598
4915
  }
4599
4916
  ],
4600
4917
  "regex": "\\bappspidered\\.rapid7\\."
@@ -4611,6 +4928,8 @@
4611
4928
  "type": "attack_tool",
4612
4929
  "category": "attack_attempt",
4613
4930
  "tool_name": "interact.sh",
4931
+ "cwe": "200",
4932
+ "capec": "1000/118/169",
4614
4933
  "confidence": "1"
4615
4934
  },
4616
4935
  "conditions": [
@@ -4631,6 +4950,9 @@
4631
4950
  },
4632
4951
  {
4633
4952
  "address": "grpc.server.request.message"
4953
+ },
4954
+ {
4955
+ "address": "graphql.server.all_resolvers"
4634
4956
  }
4635
4957
  ],
4636
4958
  "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
@@ -4647,6 +4969,8 @@
4647
4969
  "type": "commercial_scanner",
4648
4970
  "category": "attack_attempt",
4649
4971
  "tool_name": "Netsparker",
4972
+ "cwe": "200",
4973
+ "capec": "1000/118/169",
4650
4974
  "confidence": "0"
4651
4975
  },
4652
4976
  "conditions": [
@@ -4667,6 +4991,9 @@
4667
4991
  },
4668
4992
  {
4669
4993
  "address": "grpc.server.request.message"
4994
+ },
4995
+ {
4996
+ "address": "graphql.server.all_resolvers"
4670
4997
  }
4671
4998
  ],
4672
4999
  "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
@@ -4686,6 +5013,8 @@
4686
5013
  "tags": {
4687
5014
  "type": "rfi",
4688
5015
  "category": "attack_attempt",
5016
+ "cwe": "98",
5017
+ "capec": "1000/152/175/253/193",
4689
5018
  "confidence": "1"
4690
5019
  },
4691
5020
  "conditions": [
@@ -4700,6 +5029,12 @@
4700
5029
  },
4701
5030
  {
4702
5031
  "address": "server.request.path_params"
5032
+ },
5033
+ {
5034
+ "address": "grpc.server.request.message"
5035
+ },
5036
+ {
5037
+ "address": "graphql.server.all_resolvers"
4703
5038
  }
4704
5039
  ],
4705
5040
  "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
@@ -4719,6 +5054,8 @@
4719
5054
  "tags": {
4720
5055
  "type": "xxe",
4721
5056
  "category": "attack_attempt",
5057
+ "cwe": "91",
5058
+ "capec": "1000/152/248/250",
4722
5059
  "confidence": "0"
4723
5060
  },
4724
5061
  "conditions": [
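Review bot: The `"cwe": "91"` tag added to this `xxe` rule names XML Injection, but the regex in the next hunk, which appears to belong to the same rule, matches `<!ENTITY ... SYSTEM` declarations. CWE-611 (Improper Restriction of XML External Entity Reference) is the more specific weakness for that pattern. If these tags drive triage views or filters keyed on CWE, external-entity attempts would be grouped with generic XML injection, so consider `"cwe": "611"`. The `capec` path on the following line may deserve the same check; I have not verified it against the CAPEC tree. The `tags` object opens inside this hunk, but the rule itself starts and ends outside it.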
@@ -4730,6 +5067,9 @@
4730
5067
  },
4731
5068
  {
4732
5069
  "address": "grpc.server.request.message"
5070
+ },
5071
+ {
5072
+ "address": "graphql.server.all_resolvers"
4733
5073
  }
4734
5074
  ],
4735
5075
  "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
@@ -4749,6 +5089,8 @@
4749
5089
  "tags": {
4750
5090
  "type": "xss",
4751
5091
  "category": "attack_attempt",
5092
+ "cwe": "83",
5093
+ "capec": "1000/152/242/63/591/243",
4752
5094
  "confidence": "0"
4753
5095
  },
4754
5096
  "conditions": [
@@ -4778,6 +5120,9 @@
4778
5120
  },
4779
5121
  {
4780
5122
  "address": "grpc.server.request.message"
5123
+ },
5124
+ {
5125
+ "address": "graphql.server.all_resolvers"
4781
5126
  }
4782
5127
  ],
4783
5128
  "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?",
@@ -4799,6 +5144,8 @@
4799
5144
  "tags": {
4800
5145
  "type": "xss",
4801
5146
  "category": "attack_attempt",
5147
+ "cwe": "83",
5148
+ "capec": "1000/152/242/63/591/243",
4802
5149
  "confidence": "1"
4803
5150
  },
4804
5151
  "conditions": [
@@ -4819,6 +5166,9 @@
4819
5166
  },
4820
5167
  {
4821
5168
  "address": "grpc.server.request.message"
5169
+ },
5170
+ {
5171
+ "address": "graphql.server.all_resolvers"
4822
5172
  }
4823
5173
  ],
4824
5174
  "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
@@ -4837,6 +5187,8 @@
4837
5187
  "tags": {
4838
5188
  "type": "security_scanner",
4839
5189
  "category": "attack_attempt",
5190
+ "cwe": "200",
5191
+ "capec": "1000/118/169",
4840
5192
  "confidence": "1"
4841
5193
  },
4842
5194
  "conditions": [
@@ -5072,6 +5424,8 @@
5072
5424
  "tags": {
5073
5425
  "type": "security_scanner",
5074
5426
  "category": "attack_attempt",
5427
+ "cwe": "200",
5428
+ "capec": "1000/118/169",
5075
5429
  "confidence": "1"
5076
5430
  },
5077
5431
  "conditions": [
@@ -5112,6 +5466,8 @@
5112
5466
  "tags": {
5113
5467
  "type": "security_scanner",
5114
5468
  "category": "attack_attempt",
5469
+ "cwe": "200",
5470
+ "capec": "1000/118/169",
5115
5471
  "confidence": "1"
5116
5472
  },
5117
5473
  "conditions": [
@@ -5152,6 +5508,8 @@
5152
5508
  "tags": {
5153
5509
  "type": "security_scanner",
5154
5510
  "category": "attack_attempt",
5511
+ "cwe": "200",
5512
+ "capec": "1000/118/169",
5155
5513
  "confidence": "1"
5156
5514
  },
5157
5515
  "conditions": [
@@ -5192,6 +5550,8 @@
5192
5550
  "tags": {
5193
5551
  "type": "security_scanner",
5194
5552
  "category": "attack_attempt",
5553
+ "cwe": "200",
5554
+ "capec": "1000/118/169",
5195
5555
  "confidence": "1"
5196
5556
  },
5197
5557
  "conditions": [
@@ -5232,6 +5592,8 @@
5232
5592
  "tags": {
5233
5593
  "type": "security_scanner",
5234
5594
  "category": "attack_attempt",
5595
+ "cwe": "200",
5596
+ "capec": "1000/118/169",
5235
5597
  "confidence": "1"
5236
5598
  },
5237
5599
  "conditions": [
@@ -5272,6 +5634,8 @@
5272
5634
  "tags": {
5273
5635
  "type": "security_scanner",
5274
5636
  "category": "attack_attempt",
5637
+ "cwe": "200",
5638
+ "capec": "1000/118/169",
5275
5639
  "confidence": "1"
5276
5640
  },
5277
5641
  "conditions": [
@@ -5312,6 +5676,8 @@
5312
5676
  "tags": {
5313
5677
  "type": "security_scanner",
5314
5678
  "category": "attack_attempt",
5679
+ "cwe": "200",
5680
+ "capec": "1000/118/169",
5315
5681
  "confidence": "1"
5316
5682
  },
5317
5683
  "conditions": [
@@ -5352,6 +5718,8 @@
5352
5718
  "tags": {
5353
5719
  "type": "security_scanner",
5354
5720
  "category": "attack_attempt",
5721
+ "cwe": "200",
5722
+ "capec": "1000/118/169",
5355
5723
  "confidence": "1"
5356
5724
  },
5357
5725
  "conditions": [
@@ -5392,6 +5760,8 @@
5392
5760
  "tags": {
5393
5761
  "type": "ssrf",
5394
5762
  "category": "attack_attempt",
5763
+ "cwe": "918",
5764
+ "capec": "1000/225/115/664",
5395
5765
  "confidence": "1"
5396
5766
  },
5397
5767
  "conditions": [
@@ -5409,6 +5779,9 @@
5409
5779
  },
5410
5780
  {
5411
5781
  "address": "grpc.server.request.message"
5782
+ },
5783
+ {
5784
+ "address": "graphql.server.all_resolvers"
5412
5785
  }
5413
5786
  ],
5414
5787
  "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
@@ -5428,7 +5801,9 @@
5428
5801
  "name": "Server-side Javascript injection: Try to detect obvious JS injection",
5429
5802
  "tags": {
5430
5803
  "type": "js_code_injection",
5431
- "category": "attack_attempt"
5804
+ "category": "attack_attempt",
5805
+ "cwe": "94",
5806
+ "capec": "1000/152/242"
5432
5807
  },
5433
5808
  "conditions": [
5434
5809
  {
@@ -5445,6 +5820,9 @@
5445
5820
  },
5446
5821
  {
5447
5822
  "address": "grpc.server.request.message"
5823
+ },
5824
+ {
5825
+ "address": "graphql.server.all_resolvers"
5448
5826
  }
5449
5827
  ],
5450
5828
  "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
@@ -5465,6 +5843,8 @@
5465
5843
  "tags": {
5466
5844
  "type": "command_injection",
5467
5845
  "category": "attack_attempt",
5846
+ "cwe": "78",
5847
+ "capec": "1000/152/248/88",
5468
5848
  "confidence": "1"
5469
5849
  },
5470
5850
  "conditions": [
@@ -5485,6 +5865,9 @@
5485
5865
  },
5486
5866
  {
5487
5867
  "address": "grpc.server.request.message"
5868
+ },
5869
+ {
5870
+ "address": "graphql.server.all_resolvers"
5488
5871
  }
5489
5872
  ],
5490
5873
  "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
@@ -5500,6 +5883,8 @@
5500
5883
  "tags": {
5501
5884
  "type": "command_injection",
5502
5885
  "category": "attack_attempt",
5886
+ "cwe": "78",
5887
+ "capec": "1000/152/248/88",
5503
5888
  "confidence": "1"
5504
5889
  },
5505
5890
  "conditions": [
@@ -5520,6 +5905,9 @@
5520
5905
  },
5521
5906
  {
5522
5907
  "address": "grpc.server.request.message"
5908
+ },
5909
+ {
5910
+ "address": "graphql.server.all_resolvers"
5523
5911
  }
5524
5912
  ],
5525
5913
  "regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
@@ -5537,6 +5925,8 @@
5537
5925
  "tags": {
5538
5926
  "type": "command_injection",
5539
5927
  "category": "attack_attempt",
5928
+ "cwe": "78",
5929
+ "capec": "1000/152/248/88",
5540
5930
  "confidence": "1"
5541
5931
  },
5542
5932
  "conditions": [
@@ -5557,6 +5947,9 @@
5557
5947
  },
5558
5948
  {
5559
5949
  "address": "grpc.server.request.message"
5950
+ },
5951
+ {
5952
+ "address": "graphql.server.all_resolvers"
5560
5953
  }
5561
5954
  ],
5562
5955
  "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
@@ -5572,6 +5965,8 @@
5572
5965
  "tags": {
5573
5966
  "type": "ssrf",
5574
5967
  "category": "attack_attempt",
5968
+ "cwe": "918",
5969
+ "capec": "1000/225/115/664",
5575
5970
  "confidence": "1"
5576
5971
  },
5577
5972
  "conditions": [
@@ -5589,6 +5984,9 @@
5589
5984
  },
5590
5985
  {
5591
5986
  "address": "grpc.server.request.message"
5987
+ },
5988
+ {
5989
+ "address": "graphql.server.all_resolvers"
5592
5990
  }
5593
5991
  ],
5594
5992
  "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
@@ -5607,6 +6005,8 @@
5607
6005
  "tags": {
5608
6006
  "type": "ssrf",
5609
6007
  "category": "attack_attempt",
6008
+ "cwe": "918",
6009
+ "capec": "1000/225/115/664",
5610
6010
  "confidence": "0"
5611
6011
  },
5612
6012
  "conditions": [
@@ -5624,6 +6024,9 @@
5624
6024
  },
5625
6025
  {
5626
6026
  "address": "grpc.server.request.message"
6027
+ },
6028
+ {
6029
+ "address": "graphql.server.all_resolvers"
5627
6030
  }
5628
6031
  ],
5629
6032
  "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -5641,6 +6044,8 @@
5641
6044
  "tags": {
5642
6045
  "type": "ssrf",
5643
6046
  "category": "attack_attempt",
6047
+ "cwe": "918",
6048
+ "capec": "1000/225/115/664",
5644
6049
  "confidence": "0"
5645
6050
  },
5646
6051
  "conditions": [
@@ -5658,6 +6063,9 @@
5658
6063
  },
5659
6064
  {
5660
6065
  "address": "grpc.server.request.message"
6066
+ },
6067
+ {
6068
+ "address": "graphql.server.all_resolvers"
5661
6069
  }
5662
6070
  ],
5663
6071
  "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -5675,6 +6083,8 @@
5675
6083
  "tags": {
5676
6084
  "type": "ssrf",
5677
6085
  "category": "attack_attempt",
6086
+ "cwe": "918",
6087
+ "capec": "1000/225/115/664",
5678
6088
  "confidence": "1"
5679
6089
  },
5680
6090
  "conditions": [
@@ -5695,6 +6105,9 @@
5695
6105
  },
5696
6106
  {
5697
6107
  "address": "grpc.server.request.message"
6108
+ },
6109
+ {
6110
+ "address": "graphql.server.all_resolvers"
5698
6111
  }
5699
6112
  ],
5700
6113
  "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
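Review bot: The last two alternatives of the regex on the final line, `vii.one|act1on3.ru`, leave the dot unescaped, so it matches any character in that position. Every other domain in the alternation escapes it, and a scanner rule earlier on this page writes the same hosts as `vii\\.one|act1on3\\.ru`. Because this hunk adds `graphql.server.all_resolvers` as an input, the looser pattern is now evaluated against more request data and can raise spurious SSRF events. Suggest writing `vii\\.one|act1on3\\.ru` here as well. The regex line is unchanged context in this hunk, and the rule starts and ends outside it.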
@@ -5710,6 +6123,8 @@
5710
6123
  "tags": {
5711
6124
  "type": "ssrf",
5712
6125
  "category": "attack_attempt",
6126
+ "cwe": "918",
6127
+ "capec": "1000/225/115/664",
5713
6128
  "confidence": "0"
5714
6129
  },
5715
6130
  "conditions": [
@@ -5730,6 +6145,9 @@
5730
6145
  },
5731
6146
  {
5732
6147
  "address": "grpc.server.request.message"
6148
+ },
6149
+ {
6150
+ "address": "graphql.server.all_resolvers"
5733
6151
  }
5734
6152
  ],
5735
6153
  "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
@@ -5747,6 +6165,8 @@
5747
6165
  "tags": {
5748
6166
  "type": "exploit_detection",
5749
6167
  "category": "attack_attempt",
6168
+ "cwe": "94",
6169
+ "capec": "1000/152/242",
5750
6170
  "confidence": "1"
5751
6171
  },
5752
6172
  "conditions": [
@@ -5770,6 +6190,9 @@
5770
6190
  },
5771
6191
  {
5772
6192
  "address": "grpc.server.request.message"
6193
+ },
6194
+ {
6195
+ "address": "graphql.server.all_resolvers"
5773
6196
  }
5774
6197
  ],
5775
6198
  "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
@@ -5787,6 +6210,8 @@
5787
6210
  "tags": {
5788
6211
  "type": "attack_tool",
5789
6212
  "category": "attack_attempt",
6213
+ "cwe": "200",
6214
+ "capec": "1000/118/169",
5790
6215
  "tool_name": "Joomla exploitation tool",
5791
6216
  "confidence": "1"
5792
6217
  },
@@ -5814,6 +6239,8 @@
5814
6239
  "tags": {
5815
6240
  "type": "attack_tool",
5816
6241
  "category": "attack_attempt",
6242
+ "cwe": "200",
6243
+ "capec": "1000/118/169",
5817
6244
  "tool_name": "Nessus",
5818
6245
  "confidence": "1"
5819
6246
  },
@@ -5841,6 +6268,8 @@
5841
6268
  "tags": {
5842
6269
  "type": "attack_tool",
5843
6270
  "category": "attack_attempt",
6271
+ "cwe": "200",
6272
+ "capec": "1000/118/169",
5844
6273
  "tool_name": "Arachni",
5845
6274
  "confidence": "1"
5846
6275
  },
@@ -5868,6 +6297,8 @@
5868
6297
  "tags": {
5869
6298
  "type": "attack_tool",
5870
6299
  "category": "attack_attempt",
6300
+ "cwe": "200",
6301
+ "capec": "1000/118/169",
5871
6302
  "tool_name": "Jorgee",
5872
6303
  "confidence": "1"
5873
6304
  },
@@ -5895,6 +6326,8 @@
5895
6326
  "tags": {
5896
6327
  "type": "commercial_scanner",
5897
6328
  "category": "attack_attempt",
6329
+ "cwe": "200",
6330
+ "capec": "1000/118/169",
5898
6331
  "tool_name": "Probely",
5899
6332
  "confidence": "0"
5900
6333
  },
@@ -5922,6 +6355,8 @@
5922
6355
  "tags": {
5923
6356
  "type": "attack_tool",
5924
6357
  "category": "attack_attempt",
6358
+ "cwe": "200",
6359
+ "capec": "1000/118/169",
5925
6360
  "tool_name": "Metis",
5926
6361
  "confidence": "1"
5927
6362
  },
@@ -5949,6 +6384,8 @@
5949
6384
  "tags": {
5950
6385
  "type": "attack_tool",
5951
6386
  "category": "attack_attempt",
6387
+ "cwe": "200",
6388
+ "capec": "1000/118/169",
5952
6389
  "tool_name": "SQLPowerInjector",
5953
6390
  "confidence": "1"
5954
6391
  },
@@ -5976,6 +6413,8 @@
5976
6413
  "tags": {
5977
6414
  "type": "attack_tool",
5978
6415
  "category": "attack_attempt",
6416
+ "cwe": "200",
6417
+ "capec": "1000/118/169",
5979
6418
  "tool_name": "N-Stealth",
5980
6419
  "confidence": "1"
5981
6420
  },
@@ -6003,6 +6442,8 @@
6003
6442
  "tags": {
6004
6443
  "type": "attack_tool",
6005
6444
  "category": "attack_attempt",
6445
+ "cwe": "200",
6446
+ "capec": "1000/118/169",
6006
6447
  "tool_name": "Brutus",
6007
6448
  "confidence": "1"
6008
6449
  },
@@ -6030,6 +6471,8 @@
6030
6471
  "tags": {
6031
6472
  "type": "security_scanner",
6032
6473
  "category": "attack_attempt",
6474
+ "cwe": "200",
6475
+ "capec": "1000/118/169",
6033
6476
  "confidence": "1"
6034
6477
  },
6035
6478
  "conditions": [
@@ -6056,6 +6499,8 @@
6056
6499
  "tags": {
6057
6500
  "type": "commercial_scanner",
6058
6501
  "category": "attack_attempt",
6502
+ "cwe": "200",
6503
+ "capec": "1000/118/169",
6059
6504
  "tool_name": "Netsparker",
6060
6505
  "confidence": "0"
6061
6506
  },
@@ -6083,6 +6528,8 @@
6083
6528
  "tags": {
6084
6529
  "type": "attack_tool",
6085
6530
  "category": "attack_attempt",
6531
+ "cwe": "200",
6532
+ "capec": "1000/118/169",
6086
6533
  "tool_name": "JAASCois",
6087
6534
  "confidence": "1"
6088
6535
  },
@@ -6110,6 +6557,8 @@
6110
6557
  "tags": {
6111
6558
  "type": "attack_tool",
6112
6559
  "category": "attack_attempt",
6560
+ "cwe": "200",
6561
+ "capec": "1000/118/169",
6113
6562
  "tool_name": "Nsauditor",
6114
6563
  "confidence": "1"
6115
6564
  },
@@ -6137,6 +6586,8 @@
6137
6586
  "tags": {
6138
6587
  "type": "attack_tool",
6139
6588
  "category": "attack_attempt",
6589
+ "cwe": "200",
6590
+ "capec": "1000/118/169",
6140
6591
  "tool_name": "Paros",
6141
6592
  "confidence": "1"
6142
6593
  },
@@ -6164,6 +6615,8 @@
6164
6615
  "tags": {
6165
6616
  "type": "attack_tool",
6166
6617
  "category": "attack_attempt",
6618
+ "cwe": "200",
6619
+ "capec": "1000/118/169",
6167
6620
  "tool_name": "DirBuster",
6168
6621
  "confidence": "1"
6169
6622
  },
@@ -6191,6 +6644,8 @@
6191
6644
  "tags": {
6192
6645
  "type": "attack_tool",
6193
6646
  "category": "attack_attempt",
6647
+ "cwe": "200",
6648
+ "capec": "1000/118/169",
6194
6649
  "tool_name": "Pangolin",
6195
6650
  "confidence": "1"
6196
6651
  },
@@ -6218,6 +6673,8 @@
6218
6673
  "tags": {
6219
6674
  "type": "commercial_scanner",
6220
6675
  "category": "attack_attempt",
6676
+ "cwe": "200",
6677
+ "capec": "1000/118/169",
6221
6678
  "tool_name": "Qualys",
6222
6679
  "confidence": "0"
6223
6680
  },
@@ -6245,6 +6702,8 @@
6245
6702
  "tags": {
6246
6703
  "type": "attack_tool",
6247
6704
  "category": "attack_attempt",
6705
+ "cwe": "200",
6706
+ "capec": "1000/118/169",
6248
6707
  "tool_name": "SQLNinja",
6249
6708
  "confidence": "1"
6250
6709
  },
@@ -6272,6 +6731,8 @@
6272
6731
  "tags": {
6273
6732
  "type": "attack_tool",
6274
6733
  "category": "attack_attempt",
6734
+ "cwe": "200",
6735
+ "capec": "1000/118/169",
6275
6736
  "tool_name": "Nikto",
6276
6737
  "confidence": "1"
6277
6738
  },
@@ -6299,6 +6760,8 @@
6299
6760
  "tags": {
6300
6761
  "type": "attack_tool",
6301
6762
  "category": "attack_attempt",
6763
+ "cwe": "200",
6764
+ "capec": "1000/118/169",
6302
6765
  "tool_name": "BlackWidow",
6303
6766
  "confidence": "1"
6304
6767
  },
@@ -6326,6 +6789,8 @@
6326
6789
  "tags": {
6327
6790
  "type": "attack_tool",
6328
6791
  "category": "attack_attempt",
6792
+ "cwe": "200",
6793
+ "capec": "1000/118/169",
6329
6794
  "tool_name": "Grendel-Scan",
6330
6795
  "confidence": "1"
6331
6796
  },
@@ -6353,6 +6818,8 @@
6353
6818
  "tags": {
6354
6819
  "type": "attack_tool",
6355
6820
  "category": "attack_attempt",
6821
+ "cwe": "200",
6822
+ "capec": "1000/118/169",
6356
6823
  "tool_name": "Havij",
6357
6824
  "confidence": "1"
6358
6825
  },
@@ -6380,6 +6847,8 @@
6380
6847
  "tags": {
6381
6848
  "type": "attack_tool",
6382
6849
  "category": "attack_attempt",
6850
+ "cwe": "200",
6851
+ "capec": "1000/118/169",
6383
6852
  "tool_name": "w3af",
6384
6853
  "confidence": "1"
6385
6854
  },
@@ -6407,6 +6876,8 @@
6407
6876
  "tags": {
6408
6877
  "type": "attack_tool",
6409
6878
  "category": "attack_attempt",
6879
+ "cwe": "200",
6880
+ "capec": "1000/118/169",
6410
6881
  "tool_name": "Nmap",
6411
6882
  "confidence": "1"
6412
6883
  },
@@ -6434,6 +6905,8 @@
6434
6905
  "tags": {
6435
6906
  "type": "attack_tool",
6436
6907
  "category": "attack_attempt",
6908
+ "cwe": "200",
6909
+ "capec": "1000/118/169",
6437
6910
  "tool_name": "Nessus",
6438
6911
  "confidence": "1"
6439
6912
  },
@@ -6461,6 +6934,8 @@
6461
6934
  "tags": {
6462
6935
  "type": "attack_tool",
6463
6936
  "category": "attack_attempt",
6937
+ "cwe": "200",
6938
+ "capec": "1000/118/169",
6464
6939
  "tool_name": "EvilScanner",
6465
6940
  "confidence": "1"
6466
6941
  },
@@ -6488,6 +6963,8 @@
6488
6963
  "tags": {
6489
6964
  "type": "attack_tool",
6490
6965
  "category": "attack_attempt",
6966
+ "cwe": "200",
6967
+ "capec": "1000/118/169",
6491
6968
  "tool_name": "WebFuck",
6492
6969
  "confidence": "1"
6493
6970
  },
@@ -6515,6 +6992,8 @@
6515
6992
  "tags": {
6516
6993
  "type": "attack_tool",
6517
6994
  "category": "attack_attempt",
6995
+ "cwe": "200",
6996
+ "capec": "1000/118/169",
6518
6997
  "tool_name": "OpenVAS",
6519
6998
  "confidence": "1"
6520
6999
  },
@@ -6542,6 +7021,8 @@
6542
7021
  "tags": {
6543
7022
  "type": "attack_tool",
6544
7023
  "category": "attack_attempt",
7024
+ "cwe": "200",
7025
+ "capec": "1000/118/169",
6545
7026
  "tool_name": "Spider-Pig",
6546
7027
  "confidence": "1"
6547
7028
  },
@@ -6569,6 +7050,8 @@
6569
7050
  "tags": {
6570
7051
  "type": "attack_tool",
6571
7052
  "category": "attack_attempt",
7053
+ "cwe": "200",
7054
+ "capec": "1000/118/169",
6572
7055
  "tool_name": "Zgrab",
6573
7056
  "confidence": "1"
6574
7057
  },
@@ -6596,6 +7079,8 @@
6596
7079
  "tags": {
6597
7080
  "type": "attack_tool",
6598
7081
  "category": "attack_attempt",
7082
+ "cwe": "200",
7083
+ "capec": "1000/118/169",
6599
7084
  "tool_name": "Zmeu",
6600
7085
  "confidence": "1"
6601
7086
  },
@@ -6623,6 +7108,8 @@
6623
7108
  "tags": {
6624
7109
  "type": "commercial_scanner",
6625
7110
  "category": "attack_attempt",
7111
+ "cwe": "200",
7112
+ "capec": "1000/118/169",
6626
7113
  "tool_name": "GoogleSecurityScanner",
6627
7114
  "confidence": "0"
6628
7115
  },
@@ -6650,6 +7137,8 @@
6650
7137
  "tags": {
6651
7138
  "type": "attack_tool",
6652
7139
  "category": "attack_attempt",
7140
+ "cwe": "200",
7141
+ "capec": "1000/118/169",
6653
7142
  "tool_name": "Commix",
6654
7143
  "confidence": "1"
6655
7144
  },
@@ -6677,6 +7166,8 @@
6677
7166
  "tags": {
6678
7167
  "type": "attack_tool",
6679
7168
  "category": "attack_attempt",
7169
+ "cwe": "200",
7170
+ "capec": "1000/118/169",
6680
7171
  "tool_name": "Gobuster",
6681
7172
  "confidence": "1"
6682
7173
  },
@@ -6704,6 +7195,8 @@
6704
7195
  "tags": {
6705
7196
  "type": "attack_tool",
6706
7197
  "category": "attack_attempt",
7198
+ "cwe": "200",
7199
+ "capec": "1000/118/169",
6707
7200
  "tool_name": "CGIchk",
6708
7201
  "confidence": "1"
6709
7202
  },
@@ -6731,6 +7224,8 @@
6731
7224
  "tags": {
6732
7225
  "type": "attack_tool",
6733
7226
  "category": "attack_attempt",
7227
+ "cwe": "200",
7228
+ "capec": "1000/118/169",
6734
7229
  "tool_name": "FFUF",
6735
7230
  "confidence": "1"
6736
7231
  },
@@ -6758,6 +7253,8 @@
6758
7253
  "tags": {
6759
7254
  "type": "attack_tool",
6760
7255
  "category": "attack_attempt",
7256
+ "cwe": "200",
7257
+ "capec": "1000/118/169",
6761
7258
  "tool_name": "Nuclei",
6762
7259
  "confidence": "1"
6763
7260
  },
@@ -6785,6 +7282,8 @@
6785
7282
  "tags": {
6786
7283
  "type": "attack_tool",
6787
7284
  "category": "attack_attempt",
7285
+ "cwe": "200",
7286
+ "capec": "1000/118/169",
6788
7287
  "tool_name": "Tsunami",
6789
7288
  "confidence": "1"
6790
7289
  },
@@ -6812,6 +7311,8 @@
6812
7311
  "tags": {
6813
7312
  "type": "attack_tool",
6814
7313
  "category": "attack_attempt",
7314
+ "cwe": "200",
7315
+ "capec": "1000/118/169",
6815
7316
  "tool_name": "Nimbostratus",
6816
7317
  "confidence": "1"
6817
7318
  },
@@ -6839,6 +7340,8 @@
6839
7340
  "tags": {
6840
7341
  "type": "security_scanner",
6841
7342
  "category": "attack_attempt",
7343
+ "cwe": "200",
7344
+ "capec": "1000/118/169",
6842
7345
  "tool_name": "Datadog Canary Test",
6843
7346
  "confidence": "1"
6844
7347
  },
@@ -6872,6 +7375,8 @@
6872
7375
  "tags": {
6873
7376
  "type": "attack_tool",
6874
7377
  "category": "attack_attempt",
7378
+ "cwe": "200",
7379
+ "capec": "1000/118/169",
6875
7380
  "tool_name": "Datadog Canary Test",
6876
7381
  "confidence": "1"
6877
7382
  },
@@ -6908,6 +7413,8 @@
6908
7413
  "tags": {
6909
7414
  "type": "commercial_scanner",
6910
7415
  "category": "attack_attempt",
7416
+ "cwe": "200",
7417
+ "capec": "1000/118/169",
6911
7418
  "tool_name": "AlertLogic",
6912
7419
  "confidence": "0"
6913
7420
  },
@@ -6935,6 +7442,8 @@
6935
7442
  "tags": {
6936
7443
  "type": "attack_tool",
6937
7444
  "category": "attack_attempt",
7445
+ "cwe": "200",
7446
+ "capec": "1000/118/169",
6938
7447
  "tool_name": "wfuzz",
6939
7448
  "confidence": "1"
6940
7449
  },
@@ -6962,6 +7471,8 @@
6962
7471
  "tags": {
6963
7472
  "type": "commercial_scanner",
6964
7473
  "category": "attack_attempt",
7474
+ "cwe": "200",
7475
+ "capec": "1000/118/169",
6965
7476
  "tool_name": "Detectify",
6966
7477
  "confidence": "0"
6967
7478
  },
@@ -6989,6 +7500,8 @@
6989
7500
  "tags": {
6990
7501
  "type": "attack_tool",
6991
7502
  "category": "attack_attempt",
7503
+ "cwe": "200",
7504
+ "capec": "1000/118/169",
6992
7505
  "tool_name": "BSQLBF",
6993
7506
  "confidence": "1"
6994
7507
  },
@@ -7016,6 +7529,8 @@
7016
7529
  "tags": {
7017
7530
  "type": "attack_tool",
7018
7531
  "category": "attack_attempt",
7532
+ "cwe": "200",
7533
+ "capec": "1000/118/169",
7019
7534
  "tool_name": "masscan",
7020
7535
  "confidence": "1"
7021
7536
  },
@@ -7043,6 +7558,8 @@
7043
7558
  "tags": {
7044
7559
  "type": "attack_tool",
7045
7560
  "category": "attack_attempt",
7561
+ "cwe": "200",
7562
+ "capec": "1000/118/169",
7046
7563
  "tool_name": "WPScan",
7047
7564
  "confidence": "1"
7048
7565
  },
@@ -7070,6 +7587,8 @@
7070
7587
  "tags": {
7071
7588
  "type": "commercial_scanner",
7072
7589
  "category": "attack_attempt",
7590
+ "cwe": "200",
7591
+ "capec": "1000/118/169",
7073
7592
  "tool_name": "Aon",
7074
7593
  "confidence": "0"
7075
7594
  },
@@ -7097,6 +7616,8 @@
7097
7616
  "tags": {
7098
7617
  "type": "security_scanner",
7099
7618
  "category": "attack_attempt",
7619
+ "cwe": "200",
7620
+ "capec": "1000/118/169",
7100
7621
  "confidence": "1"
7101
7622
  },
7102
7623
  "conditions": [
@@ -7126,6 +7647,8 @@
7126
7647
  "tags": {
7127
7648
  "type": "attack_tool",
7128
7649
  "category": "attack_attempt",
7650
+ "cwe": "200",
7651
+ "capec": "1000/118/169",
7129
7652
  "tool_name": "SQLmap",
7130
7653
  "confidence": "1"
7131
7654
  },
@@ -7153,6 +7676,8 @@
7153
7676
  "tags": {
7154
7677
  "type": "attack_tool",
7155
7678
  "category": "attack_attempt",
7679
+ "cwe": "200",
7680
+ "capec": "1000/118/169",
7156
7681
  "tool_name": "Skipfish",
7157
7682
  "confidence": "1"
7158
7683
  },