messages_en_US.properties

EMPTY_LABEL=

# Exception Code Labels
INVALID_END_POINT=Following {0} end point is not available. Please check endpoint name from allEndPoint call and try again.
INVALID_LEVEL=Following {0} level is not a valid level value. Please check supported level and endpoint from allEndPoint call and try again.
UNAVAILABLE_LEVEL=Following {0} level in {1} endpoint is not available. Please check supported level and endpoint from allEndPoint call and try again.
INVALID_ACCESS=Following {0} method is not accessible. Reasons might be improper visibility or improper method definition. please check logs.
INVALID_AGRUMENTS=Following {0} method is not passed right set of arguments. please check logs.
SYSTEM_ERROR=System Error Occurred. please check logs.

# XSS based Injections
XSS_VULNERABILITY=Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into \
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code,\
 generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed\
  are quite widespread and occur anywhere a web application uses input from a user within the output \
  it generates without validating or encoding it. <br/> <br/> An attacker can use XSS to send a malicious script to an unsuspecting user.\
  The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script.\
   Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens,\
    or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content\
     of the HTML page. <br/><br/> For more information on XSS: <ol><li><a href="https://owasp.org/www-community/attacks/xss/" target="_blank">Owasp XSS</a> \
     <li><a href="https://www.google.com/about/appsecurity/learning/xss/" target="_blank">Google Application Security</a></ol>
   
### Persistent XSS in Html tag injection
PERSISTENT_XSS_HTML_TAG_URL_CONTAINING_COMMENT=User comments are passed in a url parameter named \"comment\" 
#### AttackVector description
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG=\"comment\" query param's value is directly added to \"div\" tag.
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG=\"comment\" query param's value is directly added to \"div\" tag after replacing "<img" and "<input" tags.
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_CASE_INSENSITIVE=\"comment\" query param's value is directly added to \"div\" tag after replacing case insensitive "<img" and "<input" tags.
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_IF_NOT_CONTAINING_ANGLE_BRACKETS=\"comment\" query param's value is directly added to \"div\" tag after replacing "<" and ">" brackets.
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_AFTER_HTML_ESCAPING=\"comment\" query param's value is directly added to \"div\" tag after HTML escaping.

PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_IF_TAGS_ARE_PRESENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after replacing "<img" and "<input" tags if these tags are present before Null Byte.
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG_CASE_INSENSITIVEIF_TAGS_ARE_PRESENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after replacing case insensitive "<img" and "<input" tags if these tags are present before Null Byte.
PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_AFTER_HTML_ESCAPING_POST_CONTENT_BEFORE_NULL_BYTE=\"comment\" query param's value is directly added to \"div\" tag after HTML escaping the content present before Null Byte and other portion is left as is.

     
## Image Tag Injections
XSS_IMAGE_TAG_INJECTION=$XSS_VULNERABILITY <br\> This vulnerability is related to Image Tag having XSS attacks. If ..
### How the Input is passed to the application
URL_PARAMETER_CONTAINING_IMAGE_NAME_ALL_PARAMETER_CONSIDERED=Image name is passed as a URL parameter to the application. It is not dependent on the query parameter name as all the sent query parameters are considered.
#### Attack Vector Description
XSS_DIRECT_INPUT_SRC_ATTRIBUTE_IMG_TAG=Url Parameters are added directly into the src attribute of Image Tag.
XSS_QUOTES_ON_INPUT_SRC_ATTRIBUTE_IMG_TAG=Quotes are added to Url Parameters and then directly added into the src attribute of Image Tag
XSS_HTML_ESCAPE_ON_DIRECT_INPUT_SRC_ATTRIBUTE_IMG_TAG=HTML escaping is done on the Url Parameters and then directly added into the src attribute of Image Tag
XSS_HTML_ESCAPE_ON_DIRECT_INPUT_AND_REMOVAL_OF_VALUES_WITH_PARENTHESIS_SRC_ATTRIBUTE_IMG_TAG=HTML escaping along with removal of values containing paranthesis is done on the Url Parameters and then directly added into the src attribute of Image Tag.
XSS_QUOTES_AND_WITH_HTML_ESCAPE_ON_INPUT_SRC_ATTRIBUTE_IMG_TAG=HTML escaping is done on the Url Parameters and then inserted inside Quotes into the src attribute of Image Tag.
XSS_HTML_ESCAPE_PLUS_FILTERING_ON_INPUT_SRC_ATTRIBUTE_IMG_TAG_BUT_NULL_BYTE_VULNERABLE=Url Parameters are HTML escaped, validated against whitelist of filenames and inserted into the src attribute of Image Tag, However validator for validating filenames is vulnerable with Null Byte Injection.
XSS_QUOTES_AND_WITH_HTML_ESCAPE_PLUS_FILTERING_ON_INPUT_SRC_ATTRIBUTE_IMG_TAG=Url Parameters are HTML escaped, validated against whitelist of filenames and inserted inside Quotes into the src attribute of Image Tag.

## Html Tag Injection
XSS_HTML_TAG_INJECTION=Html Tag based XSS attack.
XSS_DIRECT_INPUT_DIV_TAG=Html Tag is directly injected into div tag.

### How the Input is passed to the application
URL_PARAMETER_CONTAINING_HTML_TAG_ALL_PARAMETER_CONSIDERED=Input passed as a URL parameter to the application will be shown in bold characters. It is not dependent on query parameter name as all the sent query parameters are considered.
### Attack vectors
XSS_DIRECT_INPUT_DIV_TAG=Url Parameters are added directly into div tag.
XSS_DIRECT_INPUT_DIV_TAG_AFTER_REMOVING_VALUES_CONTAINING_ANCHOR_SCRIPT_AND_IMG_TAG=Url Parameters are added directly into the div tag if they are not having Script/Image and Anchor tag.
XSS_DIRECT_INPUT_DIV_TAG_AFTER_REMOVING_VALUES_CONTAINING_ANCHOR_SCRIPT_IMG_TAG_AND_ALERT_KEYWORD=Url Parameters are added directly into the div tag if they are not having Script/Image/Anchor tag and Javascript and Alert keywords.

# URL Redirection
## Location Header Injection
OPEN_REDIRECTION_VULNERABILITY_3XX_BASED=Open redirection vulnerabilities arise when an application incorporates user-controllable \
data into the target of a redirection in an unsafe way.<br/> An attacker can construct a URL within the application that \
causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.<br/> \
The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to \
the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. \
<br/><br/> <a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank"</a> defines a variety\
 of 3xx status codes that will cause a browser to redirect to a specified location and this implementation is based on 3xx status codes <br/><br/>\
 Important Links:<ol>\
 <li><a href="http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse" target="_blank">WASC-38</a><br/></li>\
 <li><a href="https://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601</a><br/></li>\
 <li><a href="https://portswigger.net/kb/issues/00500100_open-redirection-reflected" target="_blank">Port Swigger's vulnerability documentation</a><br/></li>\
 <li><a href="https://en.wikipedia.org/wiki/URL_redirection" target="_blank">Wiki link for describing the purpose of URL Redirection</a></li>\
 <li><a href="https://github.com/payloadbox/open-redirect-payload-list" target="_blank">Open Redirection payload list</a></li>\
 <li><a href="https://appsec-labs.com/portal/case-study-open-redirect/" target="_blank">Adding domain as prefix case study</a></li>\
 </ol>\
 Some myths: <a href="https://security.stackexchange.com/questions/59517/are-url-shorteners-vulnerable-due-to-open-redirects" target="_blank">Are URL shorteners \u201Cvulnerable\u201D due to open redirects?</a><br/>

OPEN_REDIRECT_RETURN_TO_PARAMETER_CONTAINING_REDIRECTION_URL=Url to redirect is passed as a query parameter named \"returnTo\".
OPEN_REDIRECT_QUERY_PARAM_DIRECTLY_ADD_TO_LOCATION_HEADER=\"returnTo\" query parameter's value is directly added to the \"Location\" header.
OPEN_REDIRECT_QUERY_PARAM_DIRECTLY_ADD_TO_LOCATION_HEADER_IF_NOT_HTTP_HTTPS_OR_DOMAIN_IS_SAME=\"returnTo\" query parameter's value is directly added to the \"Location\" header if it doesn't starts with \"http\" and \"https\" or domain is same as the application.
OPEN_REDIRECT_QUERY_PARAM_DIRECTLY_ADD_TO_LOCATION_HEADER_IF_NOT_HTTP_HTTPS_//_OR_DOMAIN_IS_SAME=\"returnTo\" query parameter's value is directly added to the \"Location\" header if it doesn't starts with \"http\", \"https\" and "//" or domain is same as the application.
OPEN_REDIRECT_QUERY_PARAM_DIRECTLY_ADD_TO_LOCATION_HEADER_IF_NOT_HTTP_HTTPS_//_NULL_BYTE_OR_DOMAIN_IS_SAME=\"returnTo\" query parameter's value is directly added to the \"Location\" header if it doesn't starts with \"http\", \"https\", "//" and Null Byte or domain is same as the application.
OPEN_REDIRECT_QUERY_PARAM_DIRECTLY_ADD_TO_LOCATION_HEADER_IF_NOT_HTTP_HTTPS_//_%_OR_DOMAIN_IS_SAME=\"returnTo\" query parameter's value is directly added to the \"Location\" header if it doesn't starts with \"http\", \"https\", "//" and character less than ascii value 33 or domain is same as the application.
OPEN_REDIRECT_QUERY_PARAM_DIRECTLY_ADDED_TO_LOCATION_HEADER_BY_ADDING_DOMAIN_AS_PREFIX=\"returnTo\" query parameter's value is directly added to the \"Location\" header by prefixing it will applications domain name.


## Meta Tag based URL Redirection
OPEN_REDIRECTION_VULNERABILITY_META_TAG_BASED=Open redirection vulnerabilities arise when an application incorporates user-controllable \
data into the target of a redirection in an unsafe way.<br/> An attacker can construct a URL within the application that \
causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.<br/> \
The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to \
the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. \
<br/><br/> An HTML meta element which specifies the time in seconds before the browser is to refresh the page. \
Providing an alternate URI allows the element to be used as a timed URL redirector. \
For example, in the following example the browser will redirect to example.com after 5 seconds: <br/> \
          &lt;meta http-equiv=&quot;refresh&quot; content=&quot;5;url=http://example.com&quot;&gt; <br/><br/>\
 Important Links:<ol>\
 <li><a href="http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse" target="_blank">WASC-38</a><br/></li>\
 <li><a href="https://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601</a><br/></li>\
 <li><a href="https://portswigger.net/kb/issues/00500100_open-redirection-reflected" target="_blank">Port Swigger's vulnerability documentation</a><br/></li>\
 <li><a href="https://en.wikipedia.org/wiki/URL_redirection" target="_blank">Wiki link for describing the purpose of URL Redirection</a></li>\
 <li><a href="https://github.com/payloadbox/open-redirect-payload-list" target="_blank">Open Redirection payload list</a></li>\
 <li><a href="https://appsec-labs.com/portal/case-study-open-redirect/" target="_blank">Adding domain as prefix case study</a></li>\
 </ol>\
 Some myths: <a href="https://security.stackexchange.com/questions/59517/are-url-shorteners-vulnerable-due-to-open-redirects" target="_blank">Are URL shorteners \u201Cvulnerable\u201D due to open redirects?</a><br/>


URL_REDIRECTION_META_TAG_BASED_INJECTION=Meta Tag based Url Redirection.
URL_REDIRECTION_URL_PARAMETER_INJECTION_INTO_META_TAG=Url Parameter is directly added to Meta Tag.



# UNRESTRICTED_FILE_UPLOAD_VULNERABILITY
UNRESTRICTED_FILE_UPLOAD_VULNERABILITY=Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed.\
<br/>The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored.\
<br/><br/>\
Important Links:<br/>\
<ol> <li> <a href="https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload" target="_blank">Owasp Wiki Link</a>  \
 <li> <a href="https://www.youtube.com/watch?v=CmF9sEyKZNo" target="_blank">Ebrahim Hegazy talk on Unrestricted File Uploads</a> \
 <li> <a href="https://www.sans.org/blog/8-basic-rules-to-implement-secure-file-uploads/" target="_blank">Sans rules to implement secure file uploads</a> \
</ol>

UNRESTRICTED_FILE_UPLOADED_POST_CALL=Uploaded files are passed as Http POST method.
#### Attack Vector Description
UNRESTRICTED_FILE_UPLOAD_NO_VALIDATION_FILE_NAME=There is no validation on uploaded file's name.
UNRESTRICTED_FILE_UPLOAD_IF_NOT_HTML_FILE_EXTENSION=All file extensions are allowed except .html extensions.
UNRESTRICTED_FILE_UPLOAD_IF_NOT_HTML_NOT_HTM_FILE_EXTENSION=All file extensions are allowed except .html and .htm extensions.
UNRESTRICTED_FILE_UPLOAD_IF_NOT_HTML_NOT_HTM_FILE_EXTENSION_CASE_INSENSITIVE=All file extensions are allowed except case insensitive .html, .htm extensions.
UNRESTRICTED_FILE_UPLOAD_IF_FILE_NAME_NOT_CONTAINS_.PNG_OR_.JPEG_CASE_INSENSITIVE=Only file name is allowed if it contains case insensitive .jpeg or .png.
UNRESTRICTED_FILE_UPLOAD_IF_FILE_NAME_NOT_ENDS_WITH_.PNG_OR_.JPEG_CASE_INSENSITIVE_AND_FILE_NAMES_CONSIDERED_BEFORE_NULL_BYTE=Only file name is allowed if it ends with case insensitive .jpeg or .png and it is considered before Null Bytes only.
UNRESTRICTED_FILE_UPLOAD_IF_FILE_NAME_NOT_ENDS_WITH_.PNG_OR_.JPEG_CASE_INSENSITIVE=Only file name is allowed if it ends with case insensitive .jpeg or .png.


# XXE Vulnerability
XXE_VULNERABILITY=An XML External Entity attack is a type of attack against an \
application that parses XML input. This attack occurs when XML input containing \
a reference to an external entity is processed by a weakly configured XML parser. \
This attack may lead to the disclosure of confidential data, denial of service, \
server side request forgery, port scanning from the perspective of the machine where \
the parser is located, and other system impacts.\
<br/><br/>\
Important Links:<br/>\
<ol> <li> <a href="https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing" target="_blank">Owasp Wiki Link</a>  \
 <li> <a href="https://www.youtube.com/watch?v=DREgLWZqMWg" target="_blank">HackHappy's video tutorial</a> \
 <li> <a href="https://medium.com/@onehackman/exploiting-xml-external-entity-xxe-injections-b0e3eac388f9" target="_blank">Medium article by OneHackMan</a>\
 <li> <a href="https://portswigger.net/web-security/xxe" target="_blank">Portswigger XXE documentation</a> \
 <li> <a href="https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md1" target="_blank">Owasp Prevention cheat sheet</a>\
</ol>
XML_CONTAINING_BOOK_ENTITY_INFORMATION=Book information is passed as an XML.
#### Attack Vector Description
XXE_NO_VALIDATION=There is no validation on the XML passed in request body.
XXE_DISABLE_GENERAL_ENTITY=Parser is disabled from processing general external entities.
XXE_DISABLE_GENERAL_AND_PARAMETER_ENTITY=Parser is disabled from processing general and parameter entities.

# Path Traversal Attack
PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names,\
such that characters representing "traverse to parent directory" are passed through to the file APIs.\
<br/><br/>\
The goal of this attack is to use an affected application to gain unauthorized access to the file system. <br/><br/>\
Important Links:<br/>\
<ol> <li> <a href="https://en.wikipedia.org/wiki/Directory_traversal_attack" target="_blank">Wiki Link</a>  \
 <li> <a href="https://owasp.org/www-community/attacks/Path_Traversal" target="_blank">Owasp Wiki Link</a> \
</ol>

PATH_TRAVERSAL_URL_CONTAINING_FILENAME=File Name is passed in the URL parameter named \"fileName\"

#### AttackVector description
PATH_TRAVERSAL_URL_PARAM_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended to path to read the file.
PATH_TRAVERSAL_URL_PARAM_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "../".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "..".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains ".." or "%2f" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains ".." or "%2f" or "%2F" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value is directly appended if it doesn't contains "..", takes care of URL encoding too.

PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended to path to read the file.
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_PARENT_DIRECTORY_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "../".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "..".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains ".." or "%2f" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_OR_%2F_CASE_INSENSITIVE_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains ".." or "%2f" or "%2F" which is URL encoding of "/".
PATH_TRAVERSAL_URL_PARAM_BEFORE_NULL_BYTE_IF_DOT_DOT_PATH_WITH_OR_WITHOUT_URL_ENCODING_NOT_PRESENT_DIRECTLY_INJECTED=\"fileName\" query param's value before Null Byte is directly appended if it doesn't contains "..", takes care of URL encoding too.


# Command Injection Attack
COMMAND_INJECTION_VULNERABILITY=Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system \
via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) \
to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. \
Command injection attacks are possible largely due to insufficient input validation. <br/><br/>\
Important Links on Command Injection Vulnerability :<br/>\
<ol> <li> <a href="https://cwe.mitre.org/data/definitions/77.html" target="_blank">CWE-77</a>  \
 <li> <a href="https://owasp.org/www-community/attacks/Command_Injection" target="_blank">Owasp Wiki Link</a> \
</ol>

COMMAND_INJECTION_URL_CONTAINING_IPADDRESS=IP Address is passed in the URL parameter named \"ipaddress\"

#### Attack vectors
COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED=\"ipaddress\" query param's value is directly executed.
COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_NOT_PRESENT=\"ipaddress\" query param's value is directly executed if \";\", \"&\" or space characters are not present in it.
COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_NOT_PRESENT=\"ipaddress\" query param's value is directly executed if \";\", \"&\", \"%26\", \"%3B\" or space characters are not present in it.
COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_CASE_INSENSITIVE_NOT_PRESENT=\"ipaddress\" query param's value is directly executed if \";\", \"&\", \"%26\", \"%3B\", \"%3b\" or space characters are not present in it.
COMMAND_INJECTION_URL_PARAM_DIRECTLY_EXECUTED_IF_SEMICOLON_SPACE_LOGICAL_AND_%26_%3B_%7C_CASE_INSENSITIVE_NOT_PRESENT=\"ipaddress\" query param's value is directly executed if \";\", \"&\", \"%26\", \"%3B\", \"%3b\", \"%7C\", \"%7c\" or space characters are not present in it.


# Local File Injection
URL_BASED_LFI_INJECTION=LFI vulnerabilities allow an attacker to read (and sometimes execute) files on the victim machine.\
 An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. \
An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). \
Typically, LFI occurs when an application uses the path to a file as input. If the application treats this input \ \
as trusted, a local file may be used in the include statement. \
<br/><br/> Important Links on LFI : \
 <ol> \ <li><a href="https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion" target="_blank">\
  Testing for Local File Inclusion \</a> \
   <li><a \
       href="https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/local-file-inclusion/" target="_blank"> \
       Local File Inclusion by netsparker </a> \
 </ol>
LFI_URL_PARAM_BASED_DIRECT_INJECTION=Url Parameter \"fileName\" is directly passed to the include file.
LFI_URL_PARAM_BASED_INJECTION_WITH_VALIDATION_ON_FILE=Url Parameter \"fileName\" is validated and passed to include file.
#### AttackVector description
LFI_URL_DIRECT_INJECTION=If the developer fails to implement sufficient filtering an attacker could exploit the local file \
inclusion vulnerability by replacing the path with another path of a sensitive file such as a password file, allowing \
the attacker to see its content.
LFI_URL_DIRECT_INJECTION_WITH_VALIDATION_ON_FILE=The null character is a control character with the value zero present in \
many character sets that is being used as a reserved character to mark the end of a string. Once used, any character after \
this special byte will be ignored. Commonly the way to inject this character would be with the URL encoded string %00 by \
appending it to the requested path, this would ignore the file's extension being added to the input filename, \
returning to an attacker the file information as a result of a successful exploitation.

# Local File Injection with Null Byte
#URL_WITH_NULL_BYTE_BASED_LFI_INJECTION=Url with Null Byte Injection based Local File Injection attack.
#LFI_URL_PARAM_AND_NULL_BYTE_BASED_DIRECT_INJECTION=Url Parameter \"fileName\" is directly passed to the include file if containing Null Byte.
#LFI_URL_PARAM_BASED_INJECTION_WITH_VALIDATION_ON_FILE=Url Parameter \"fileName\" is validated and passed to include file.

# Remote File Injection
URL_BASED_RFI_INJECTION=Url based Local File Injection attack.
RFI_URL_PARAM_BASED_DIRECT_INJECTION=Url Parameter \"url\" is directly requested and response is appended to the general response.
RFI_URL_PARAM_AND_NULL_BYTE_BASED_DIRECT_INJECTION=Url Parameter \"url\" is directly requested if contains null byte and response is appended to the general response.

# JWT Injection
JWT_INJECTION_VULNERABILITY=JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for \
securely transmitting information between parties as a JSON object. This information can be verified and trusted because \
it is digitally signed.There can be multiple things that can go wrong with the implementation of JWT and that can impact the Authentication or Authorization \
of the application and result in complete compromise of the system. <br/><br/> Important Links on JWT : \
<ol> <li> <a href="https://en.wikipedia.org/wiki/JSON_Web_Token" target="_blank">Wiki Link</a>  \
 <li> <a href="https://jwt.io/introduction/" target="_blank">Jwt.io</a> \
 </ol> Important Links on Vulnerable implementations in JWT : \
 <ol> \ <li><a href="https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-06" target="_blank">JSON Web Token Best \
      Current Practices(ieft document)</a> \
   <li><a \
       href="https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html" target="_blank"> \
       OWASP cheatsheet for vulnerabilities in JWT implementation </a> \
   <li><a href="https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries" target="_blank">For \
       server side vulnerabilities in JWT implementations</a> \
 </ol>
URL_CONTAINING_JWT_TOKEN=JWT Token is passed in the URL parameter named \"JWTToken\"
COOKIE_CONTAINING_JWT_TOKEN=JWT Token is passed in the Cookie key named \"JWTToken\"

#### AttackVector description
JWT_URL_EXPOSING_SECURE_INFORMATION=The request contains JWT token which is leaked in the URL. This can violate PCI and most organizational compliance policies.
COOKIE_CONTAINING_JWT_TOKEN_SECURITY_ATTRIBUTES_MISSING=Cookie based JWT token but without Secure/HttpOnly flags and also without cookie prefixes.
COOKIE_WITH_HTTPONLY_WITHOUT_SECURE_FLAG_BASED_JWT_VULNERABILITY=Cookie based JWT token but with HttpOnly flag but without Secure flag and also without cookie prefixes.
COOKIE_BASED_LOW_KEY_STRENGTH_JWT_VULNERABILITY=Cookie based JWT token signed using Weak key vulnerability.
COOKIE_BASED_NULL_BYTE_JWT_VULNERABILITY=Cookie based Null byte vulnerable JWT token validator.
COOKIE_BASED_NONE_ALGORITHM_JWT_VULNERABILITY=Cookie based None algorithm vulnerable JWT token validator.
COOKIE_BASED_KEY_CONFUSION_JWT_VULNERABILITY=Cookie based JWT token with Key confusion vulnerability.
COOKIE_BASED_FOR_JWK_HEADER_BASED_JWT_VULNERABILITY=Cookie based JWT token validator vulnerable to trusting JWK field without checking if public key provided is present in truststore or not. 
COOKIE_BASED_EMPTY_TOKEN_JWT_VULNERABILITY=Cookie based JWT token, vulnerable to empty token vulnerability attack.



# SQL Injection Vulnerability
SQL_INJECTION_VULNERABILITY=A SQL injection attack consists of insertion or "injection" of a SQL query via the input data \
from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), \
execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present \
on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, \
in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. <br\> \
Important Links on SQLInjection : \
<ol> <li> <a href="https://en.wikipedia.org/wiki/SQL_injection" target="_blank">Wiki Link</a>  \
 <li> <a href="https://owasp.org/www-community/attacks/SQL_Injection" target="_blank">Owasp SQLInjection</a> \
 <li> <a href="https://www.youtube.com/watch?v=WkHkryIoLD0" target="_blank">Joe McCray talk on SQLInjection</a>\
 <li> <a href="https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/" target="_blank">SQL Injection cheat sheet by netsparker</a>\
 </ol> <br/><br/>\ Important Links on Prevention techniques : \
 <ol> \ <li><a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html" target="_blank">Owasp Prevention cheatsheet</a> \
   <li><a \
       href="https://www.websec.ca/kb/sql_injection" target="_blank"> \
       SQL Injection knowledge base </a> \
 </ol>
URL_CONTAINING_CAR_ID_PARAMETER=Car Id is passed as a URL Query Parameter named \"id\"

#### AttackVector description
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios\
 and hence exposes the application data.
ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios\
 and hence exposes the application data.
ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping\
 with "'".
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that\
 proper usage of PreparedStatement is important.
 
UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and\
extract the application data.
UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and\
extract the application data.
UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping around "'"\
 hence \"Union\" keyword can be used to club the results and extract the application data.
 
BLIND_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query hence Query can be manipulated.
BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated.