diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index f86c1aec..8adbc88c 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -2,7 +2,7 @@ name: Run Tests
on:
pull_request:
branches:
- - main
+ - '**'
permissions:
contents: read
actions: read
diff --git a/README.md b/README.md
index a4cb03de..f0b6ef24 100644
--- a/README.md
+++ b/README.md
@@ -6,13 +6,22 @@
- [Strict Mode](#strict-mode)
- [API](#api)
- [Interfaces](#interfaces)
- - [Module `schemaTests.js`](#module-schematestsjs)
- - [Module `mandatoryTests.js`](#module-mandatorytestsjs)
- - [Module `optionalTests.js`](#module-optionaltestsjs)
- - [Module `informativeTests.js`](#module-informativetestsjs)
- - [Module `basic.js`](#module-basicjs)
- - [Module `extended.js`](#module-extendedjs)
- - [Module `full.js`](#module-fulljs)
+ - CSAF 2.0
+ - [Module `schemaTests.js`](#module-schematestsjs)
+ - [Module `mandatoryTests.js`](#module-mandatorytestsjs)
+ - [Module `optionalTests.js`](#module-optionaltestsjs)
+ - [Module `informativeTests.js`](#module-informativetestsjs)
+ - [Module `basic.js`](#module-basicjs)
+ - [Module `extended.js`](#module-extendedjs)
+ - [Module `full.js`](#module-fulljs)
+ - CSAF 2.1
+ - [Module `csaf_2_1/schemaTests.js`](#module-csaf_2_1schematestsjs)
+ - [Module `csaf_2_1/mandatoryTests.js`](#module-csaf_2_1mandatorytestsjs)
+ - [Module `csaf_2_1/optionalTests.js`](#module-csaf_2_1optionaltestsjs)
+ - [Module `csaf_2_1/informativeTests.js`](#module-csaf_2_1informativetestsjs)
+ - [Module `csaf_2_1/basic.js`](#module-csaf_2_1basicjs)
+ - [Module `csaf_2_1/extended.js`](#module-csaf_2_1extendedjs)
+ - [Module `csaf_2_1/full.js`](#module-csaf_2_1fulljs)
- [Module `validate.js`](#module-validatejs)
- [Module `validateStrict.js`](#module-validatestrictjs)
- [Module `strip.js`](#module-stripjs)
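Review bot: `branches: ['**']` matches every branch, so the filter is now a no-op; dropping the `branches:` key entirely is equivalent and states the intent (run on every pull request) more plainly. The read-only `permissions` block in the hunk is the right default for a trigger that now also fires for pull requests from forks — keep it, and check that nothing further down the workflow expects secrets, since fork `pull_request` runs receive none. The rest of the workflow is outside the hunk.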
@@ -37,6 +46,7 @@ After that you can reference the modules from within your JavaScript application There is an [official package](https://www.npmjs.com/package/@secvisogram/csaf-validator-lib) in the npm registry. You can add it to your project using the following command: + ```sh npm install @secvisogram/csaf-validator-lib ``` @@ -52,30 +62,33 @@ You can also include this library as a subtree in your repository. ``` - install dependencies + ```sh cd csaf-validator-lib && npm ci --prod ``` -- This repository includes git submodules. Make sure to initialize and update +- This repository includes git submodules. Make sure to initialize and update the submodules before you start working with the repository. + ```sh git submodule update --init --recursive ``` -- For test 6.3.8 an installation of hunspell as well as all languages that +- For test 6.3.8 an installation of hunspell as well as all languages that you want to spell check is required. ### Managing Hunspell languages A CSAF Document can contain a [language](https://docs.oasis-open.org/csaf/csaf/v2.0/cs02/csaf-v2.0-cs02.html#3216-document-property---language). For example, valid entries could be `en` or `en-US`. When running test 6.3.8 we -try to match this language to the list of installed hunspell languages. If the +try to match this language to the list of installed hunspell languages. If the region is specified (like in `en-US`) and the corresponding language is installed the test will run. If you want/need to check a `en` language specifically with `en-US` (or any other variant) you need to make sure that you link `en` to `en-US` using a symlink. Example of linking `en` to `en-US`: + ```sh ln -s /usr/share/hunspell/en_US.aff /usr/share/hunspell/en.aff ln -s /usr/share/hunspell/en_US.dic /usr/share/hunspell/en.dic 
@@ -83,9 +96,9 @@ ln -s /usr/share/hunspell/en_US.dic /usr/share/hunspell/en.dic You can find out what languages you have installed by running `hunspell -D`. -If you need additional languages they are most likely available in the +If you need additional languages they are most likely available in the repository of your distribution. If you have a custom dictionary -copy them in the directory provided by the command above. Hunspell should +copy them in the directory provided by the command above. Hunspell should automatically recognize them. [(back to top)](#bsi-csaf-validator-lib) @@ -117,7 +130,7 @@ automatically recognize them. The library has two validate functions, `validate` and `validateStrict`. `validateStrict` checks whether the test that should be executed was defined in the library. Otherwise, it throws an error. To extend the library you can use -the `validate` function instead. In such case, **the calling function is +the `validate` function instead. In such case, **the calling function is responsible for checking** whether the test function passed to the `csaf-validator-lib` is benign. **Calling arbitrary** functions (especially those resulting from user input) may result in a **code execution @@ -127,9 +140,9 @@ To proceed this dangerous path, use the `validate` function. [(back to top)](#bsi-csaf-validator-lib) -### API +## API -#### Interfaces +### Interfaces ```typescript interface Result { @@ -159,6 +172,8 @@ type DocumentTest = (doc: any) => TestResult | Promise [(back to top)](#bsi-csaf-validator-lib) +### CSAF 2.0 + #### Module `schemaTests.js` ```typescript 
@@ -281,19 +296,143 @@ This module exports all tests included in `extended.js` and all informative test [(back to top)](#bsi-csaf-validator-lib) -#### Module `validate.js` +### CSAF 2.1 + +#### Module `csaf_2_1/schemaTests.js` + +```typescript +export const csaf_2_0_strict: DocumentTest +export const csaf_2_0: DocumentTest +``` + +[(back to top)](#bsi-csaf-validator-lib) + +#### Module `csaf_2_1/mandatoryTests.js` + +```typescript +export const mandatoryTest_6_1_1: DocumentTest +export const mandatoryTest_6_1_2: DocumentTest +export const mandatoryTest_6_1_3: DocumentTest +export const mandatoryTest_6_1_4: DocumentTest +export const mandatoryTest_6_1_5: DocumentTest +export const mandatoryTest_6_1_6: DocumentTest +export const mandatoryTest_6_1_7: DocumentTest +export const mandatoryTest_6_1_8: DocumentTest +export const mandatoryTest_6_1_9: DocumentTest +export const mandatoryTest_6_1_10: DocumentTest +export const mandatoryTest_6_1_11: DocumentTest +export const mandatoryTest_6_1_12: DocumentTest +export const mandatoryTest_6_1_13: DocumentTest +export const mandatoryTest_6_1_14: DocumentTest +export const mandatoryTest_6_1_15: DocumentTest +export const mandatoryTest_6_1_16: DocumentTest +export const mandatoryTest_6_1_17: DocumentTest +export const mandatoryTest_6_1_18: DocumentTest +export const mandatoryTest_6_1_19: DocumentTest +export const mandatoryTest_6_1_20: DocumentTest +export const mandatoryTest_6_1_21: DocumentTest +export const mandatoryTest_6_1_22: DocumentTest +export const mandatoryTest_6_1_23: DocumentTest +export const mandatoryTest_6_1_24: DocumentTest +export const mandatoryTest_6_1_25: DocumentTest +export const mandatoryTest_6_1_26: DocumentTest +export const mandatoryTest_6_1_27_1: DocumentTest +export const mandatoryTest_6_1_27_2: DocumentTest +export const mandatoryTest_6_1_27_3: DocumentTest +export const mandatoryTest_6_1_27_4: DocumentTest +export const mandatoryTest_6_1_27_5: DocumentTest +export const mandatoryTest_6_1_27_6: 
DocumentTest +export const mandatoryTest_6_1_27_7: DocumentTest +export const mandatoryTest_6_1_27_8: DocumentTest +export const mandatoryTest_6_1_27_9: DocumentTest +export const mandatoryTest_6_1_27_10: DocumentTest +export const mandatoryTest_6_1_27_11: DocumentTest +export const mandatoryTest_6_1_28: DocumentTest +export const mandatoryTest_6_1_29: DocumentTest +export const mandatoryTest_6_1_30: DocumentTest +export const mandatoryTest_6_1_31: DocumentTest +export const mandatoryTest_6_1_32: DocumentTest +export const mandatoryTest_6_1_33: DocumentTest +``` + +[(back to top)](#bsi-csaf-validator-lib) + +#### Module `csaf_2_1/optionalTests.js` + +```typescript +export const optionalTest_6_2_1: DocumentTest +export const optionalTest_6_2_2: DocumentTest +export const optionalTest_6_2_3: DocumentTest +export const optionalTest_6_2_4: DocumentTest +export const optionalTest_6_2_5: DocumentTest +export const optionalTest_6_2_6: DocumentTest +export const optionalTest_6_2_7: DocumentTest +export const optionalTest_6_2_8: DocumentTest +export const optionalTest_6_2_9: DocumentTest +export const optionalTest_6_2_10: DocumentTest +export const optionalTest_6_2_11: DocumentTest +export const optionalTest_6_2_12: DocumentTest +export const optionalTest_6_2_13: DocumentTest +export const optionalTest_6_2_14: DocumentTest +export const optionalTest_6_2_15: DocumentTest +export const optionalTest_6_2_16: DocumentTest +export const optionalTest_6_2_17: DocumentTest +export const optionalTest_6_2_18: DocumentTest +export const optionalTest_6_2_19: DocumentTest +export const optionalTest_6_2_20: DocumentTest +``` + +[(back to top)](#bsi-csaf-validator-lib) + +#### Module `csaf_2_1/informativeTests.js` + +```typescript +export const informativeTest_6_3_1: DocumentTest +export const informativeTest_6_3_2: DocumentTest +export const informativeTest_6_3_3: DocumentTest +export const informativeTest_6_3_4: DocumentTest +export const informativeTest_6_3_5: DocumentTest +export const 
informativeTest_6_3_6: DocumentTest +export const informativeTest_6_3_7: DocumentTest +export const informativeTest_6_3_8: DocumentTest +export const informativeTest_6_3_9: DocumentTest +export const informativeTest_6_3_10: DocumentTest +export const informativeTest_6_3_11: DocumentTest +``` + +[(back to top)](#bsi-csaf-validator-lib) + +#### Module `csaf_2_1/basic.js` + +This module exports the strict schema test and all mandatory tests except `6.1.8`. + +[(back to top)](#bsi-csaf-validator-lib) + +#### Module `csaf_2_1/extended.js` + +This module exports all tests included in `basic.js` and all optional tests. + +[(back to top)](#bsi-csaf-validator-lib) + +#### Module `csaf_2_1/full.js` + +This module exports all tests included in `extended.js` and all informative tests. + +[(back to top)](#bsi-csaf-validator-lib) + +### Module `validate.js` This function validates the given document against the given tests. -#### Module `validateStrict.js` +### Module `validateStrict.js` -This function validates the given document against the given tests. It throws +This function validates the given document against the given tests. It throws an error if an unknown test function was passed. See [Strict Mode](#strict-mode) for more details. [(back to top)](#bsi-csaf-validator-lib) -#### Module `strip.js` +### Module `strip.js` This function strips empty nodes and nodes with errors. The `strict` option (default `true`) throws an error if an unknown test function was passed. See [Strict Mode](#strict-mode) for more details. @@ -316,7 +455,7 @@ export default StripFn [(back to top)](#bsi-csaf-validator-lib) -#### Module `cwe.js` +### Module `cwe.js` ```typescript export const weaknesses: Array<{ id: string; name: string }> diff --git a/csaf_2_1/basic.js b/csaf_2_1/basic.js new file mode 100644 index 00000000..bea4d692 --- /dev/null +++ b/csaf_2_1/basic.js 
@@ -0,0 +1,46 @@
+export { csaf_2_0_strict } from '../schemaTests.js'
+export {
+ mandatoryTest_6_1_1,
+ mandatoryTest_6_1_2,
+ mandatoryTest_6_1_3,
+ mandatoryTest_6_1_4,
+ mandatoryTest_6_1_5,
+ mandatoryTest_6_1_6,
+ mandatoryTest_6_1_7,
+ // Mandatory Test 6.1.8 skipped since included in schema tests
+ mandatoryTest_6_1_9,
+ mandatoryTest_6_1_10,
+ mandatoryTest_6_1_11,
+ mandatoryTest_6_1_12,
+ mandatoryTest_6_1_13,
+ mandatoryTest_6_1_14,
+ mandatoryTest_6_1_15,
+ mandatoryTest_6_1_16,
+ mandatoryTest_6_1_17,
+ mandatoryTest_6_1_18,
+ mandatoryTest_6_1_19,
+ mandatoryTest_6_1_20,
+ mandatoryTest_6_1_21,
+ mandatoryTest_6_1_22,
+ mandatoryTest_6_1_23,
+ mandatoryTest_6_1_24,
+ mandatoryTest_6_1_25,
+ mandatoryTest_6_1_26,
+ mandatoryTest_6_1_27_1,
+ mandatoryTest_6_1_27_2,
+ mandatoryTest_6_1_27_3,
+ mandatoryTest_6_1_27_4,
+ mandatoryTest_6_1_27_5,
+ mandatoryTest_6_1_27_6,
+ mandatoryTest_6_1_27_7,
+ mandatoryTest_6_1_27_8,
+ mandatoryTest_6_1_27_9,
+ mandatoryTest_6_1_27_10,
+ mandatoryTest_6_1_27_11,
+ mandatoryTest_6_1_28,
+ mandatoryTest_6_1_29,
+ mandatoryTest_6_1_30,
+ mandatoryTest_6_1_31,
+ mandatoryTest_6_1_32,
+ mandatoryTest_6_1_33,
+} from '../mandatoryTests.js'
diff --git a/csaf_2_1/extended.js b/csaf_2_1/extended.js
new file mode 100644
index 00000000..d83e0ac0
--- /dev/null
+++ b/csaf_2_1/extended.js
@@ -0,0 +1,2 @@
+export * from './basic.js'
+export * from './optionalTests.js'
diff --git a/csaf_2_1/full.js b/csaf_2_1/full.js
new file mode 100644
index 00000000..354517b9
--- /dev/null
+++ b/csaf_2_1/full.js
@@ -0,0 +1,2 @@
+export * from './extended.js'
+export * from './informativeTests.js'
diff --git a/csaf_2_1/informativeTests.js b/csaf_2_1/informativeTests.js
new file mode 100644
index 00000000..3c193ad2
--- /dev/null
+++ b/csaf_2_1/informativeTests.js
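Review bot: `csaf_2_1/basic.js` re-exports its mandatory tests from the CSAF 2.0 module `../mandatoryTests.js`, so it ships the 2.0 implementations of 6.1.1 and 6.1.11 and omits the new 6.1.34 and 6.1.35, while `csaf_2_1/mandatoryTests.js` in this same commit deliberately overrides those three and adds the two new tests; since `extended.js` and `full.js` are built on `basic.js`, none of the 2.1 entry points ever runs the 2.1-specific code. Changing the source to `} from './mandatoryTests.js'` and adding `mandatoryTest_6_1_34,` and `mandatoryTest_6_1_35,` to the list fixes that. The carried-over `// Mandatory Test 6.1.8 skipped since included in schema tests` is also doubtful here: the schema test this file exports is `csaf_2_0_strict` from `../schemaTests.js`, whereas the 2.1 version of 6.1.8 added in this commit validates `metrics[].content.cvss_v4`, which a 2.0 schema presumably does not know about — verify, and either export the 2.1 `mandatoryTest_6_1_8` from here or document why the 2.0 schema suffices. The README in this commit also documents a `csaf_2_1/schemaTests.js` module that this file does not use.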
@@ -0,0 +1,13 @@
+export {
+ informativeTest_6_3_1,
+ informativeTest_6_3_2,
+ informativeTest_6_3_3,
+ informativeTest_6_3_4,
+ informativeTest_6_3_5,
+ informativeTest_6_3_6,
+ informativeTest_6_3_7,
+ informativeTest_6_3_8,
+ informativeTest_6_3_9,
+ informativeTest_6_3_10,
+ informativeTest_6_3_11,
+} from '../informativeTests.js'
diff --git a/csaf_2_1/mandatoryTests.js b/csaf_2_1/mandatoryTests.js
new file mode 100644
index 00000000..38d1bd4b
--- /dev/null
+++ b/csaf_2_1/mandatoryTests.js
@@ -0,0 +1,47 @@
+export {
+ mandatoryTest_6_1_2,
+ mandatoryTest_6_1_3,
+ mandatoryTest_6_1_4,
+ mandatoryTest_6_1_5,
+ mandatoryTest_6_1_6,
+ mandatoryTest_6_1_7,
+ mandatoryTest_6_1_9,
+ mandatoryTest_6_1_10,
+ mandatoryTest_6_1_12,
+ mandatoryTest_6_1_13,
+ mandatoryTest_6_1_14,
+ mandatoryTest_6_1_15,
+ mandatoryTest_6_1_16,
+ mandatoryTest_6_1_17,
+ mandatoryTest_6_1_18,
+ mandatoryTest_6_1_19,
+ mandatoryTest_6_1_20,
+ mandatoryTest_6_1_21,
+ mandatoryTest_6_1_22,
+ mandatoryTest_6_1_23,
+ mandatoryTest_6_1_24,
+ mandatoryTest_6_1_25,
+ mandatoryTest_6_1_26,
+ mandatoryTest_6_1_27_1,
+ mandatoryTest_6_1_27_2,
+ mandatoryTest_6_1_27_3,
+ mandatoryTest_6_1_27_4,
+ mandatoryTest_6_1_27_5,
+ mandatoryTest_6_1_27_6,
+ mandatoryTest_6_1_27_7,
+ mandatoryTest_6_1_27_8,
+ mandatoryTest_6_1_27_9,
+ mandatoryTest_6_1_27_10,
+ mandatoryTest_6_1_27_11,
+ mandatoryTest_6_1_28,
+ mandatoryTest_6_1_29,
+ mandatoryTest_6_1_30,
+ mandatoryTest_6_1_31,
+ mandatoryTest_6_1_32,
+ mandatoryTest_6_1_33,
+} from '../mandatoryTests.js'
+export { mandatoryTest_6_1_1 } from './mandatoryTests/mandatoryTest_6_1_1.js'
+export { mandatoryTest_6_1_8 } from './mandatoryTests/mandatoryTest_6_1_8.js'
+export { mandatoryTest_6_1_11 } from './mandatoryTests/mandatoryTest_6_1_11.js'
+export { mandatoryTest_6_1_34 } from './mandatoryTests/mandatoryTest_6_1_34.js'
+export { mandatoryTest_6_1_35 } from './mandatoryTests/mandatoryTest_6_1_35.js'
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_1.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_1.js
new file mode 100644
index 00000000..f2523632
--- /dev/null
+++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_1.js
@@ -0,0 +1,278 @@
+import * as docUtils from '../../lib/mandatoryTests/shared/docUtils.js'
+
+const { collectProductIds } = docUtils
+
+/**
+ * @typedef {Object} FullProductName
+ * @property {string} name
+ * @property {string} product_id
+ */
+
+/**
+ * @typedef {Object} Branch
+ * @property {Array} branches
+ * @property {FullProductName} product
+ */
+
+/**
+ * @param {any} doc
+ */
+export function mandatoryTest_6_1_1(doc) {
+ /** @type {Array<{ message: string; instancePath: string }>} */
+ const errors = []
+ let isValid = true
+
+ const productIds = collectProductIds({ document: doc })
+ const productIdRefs = collectProductIdRefs({ document: doc })
+ const missingProductDefinitions = findMissingDefinitions(
+ productIds,
+ productIdRefs
+ )
+ if (missingProductDefinitions.length > 0) {
+ isValid = false
+ missingProductDefinitions.forEach((missingProductDefinition) => {
+ errors.push({
+ message: 'definition of product id missing',
+ instancePath: missingProductDefinition.instancePath,
+ })
+ })
+ }
+ return { isValid, errors }
+}
+
+/**
+ * This method collects references to product ids and corresponding instancePaths in the given document and returns a result object.
+ * @param {any} document
+ * @returns {{id: string, instancePath: string}[]}
+ */
+function collectProductIdRefs({ document }) {
+ const entries = /** @type {{id: string, instancePath: string}[]} */ ([])
+
+ const productGroups = document.product_tree?.product_groups
+ if (productGroups) {
+ for (let i = 0; i < productGroups.length; ++i) {
+ const productGroup = productGroups[i]
+ const productIds = productGroup.product_ids
+ if (productIds) {
+ for (let j = 0; j < productIds.length; ++j) {
+ const productId = productIds[j]
+ if (productId) {
+ entries.push({
+ id: productId,
+ instancePath: `/product_tree/product_groups/${i}/product_ids/${j}`,
+ })
+ }
+ }
+ }
+ }
+ }
+
+ const relationshipGroups = document.product_tree?.relationships
+ if (relationshipGroups) {
+ for (let i = 0; i < relationshipGroups.length; ++i) {
+ const relationshipGroup = relationshipGroups[i]
+ const productRef = relationshipGroup.product_reference
+ if (productRef) {
+ entries.push({
+ id: productRef,
+ instancePath: `/product_tree/relationships/${i}/product_reference`,
+ })
+ }
+ const relToProductRef = relationshipGroup.relates_to_product_reference
+ if (relToProductRef) {
+ entries.push({
+ id: relToProductRef,
+ instancePath: `/product_tree/relationships/${i}/relates_to_product_reference`,
+ })
+ }
+ }
+ }
+
+ const vulnerabilities = document.vulnerabilities
+ if (vulnerabilities) {
+ for (let i = 0; i < vulnerabilities.length; ++i) {
+ const vulnerability = vulnerabilities[i]
+ collectRefsInProductStatus(
+ `/vulnerabilities/${i}/product_status`,
+ vulnerability,
+ entries
+ )
+ collectProductRefsInRemediations(
+ `/vulnerabilities/${i}/remediations`,
+ vulnerability,
+ entries
+ )
+ collectRefsInMetrics(
+ `/vulnerabilities/${i}/metrics`,
+ vulnerability,
+ entries
+ )
+ collectProductRefsInThreats(
+ `/vulnerabilities/${i}/threats`,
+ vulnerability,
+ entries
+ )
+ }
+ }
+
+ return entries
+}
+
+/**
+ * @param {string} instancePath
+ * @param {{product_status: any}} vulnerability
+ * @param {*} entries
+ */
+const collectRefsInProductStatus = (instancePath, vulnerability, entries) => {
+ findRefsInProductStatus(
+ vulnerability.product_status?.first_affected,
+ `${instancePath}/first_affected`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.first_fixed,
+ `${instancePath}/first_fixed`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.fixed,
+ `${instancePath}/fixed`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.known_affected,
+ `${instancePath}/known_affected`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.known_not_affected,
+ `${instancePath}/known_not_affected`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.last_affected,
+ `${instancePath}/last_affected`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.recommended,
+ `${instancePath}/recommended`,
+ entries
+ )
+ findRefsInProductStatus(
+ vulnerability.product_status?.under_investigation,
+ `${instancePath}/under_investigation`,
+ entries
+ )
+}
+
+/**
+ * @param {string[]} refs
+ * @param {string} instancePath
+ * @param {{id: string, instancePath: string}[]} entries
+ */
+const findRefsInProductStatus = (refs, instancePath, entries) => {
+ if (refs) {
+ for (let i = 0; i < refs.length; ++i) {
+ const ref = refs[i]
+ if (ref) {
+ entries.push({
+ id: ref,
+ instancePath: `${instancePath}/${i}`,
+ })
+ }
+ }
+ }
+}
+
+/**
+ * @param {string} instancePath
+ * @param {{threats: any}} vulnerability
+ * @param {*} entries
+ */
+const collectProductRefsInThreats = (instancePath, vulnerability, entries) => {
+ const threats = vulnerability.threats
+ if (threats) {
+ for (let i = 0; i < threats.length; ++i) {
+ const threat = threats[i]
+ const productIds = threat.product_ids
+ if (productIds) {
+ for (let j = 0; j < productIds.length; ++j) {
+ const productId = productIds[j]
+ if (productId) {
+ entries.push({
+ id: productId,
+ instancePath: `${instancePath}/${i}/product_ids/${j}`,
+ })
+ }
+ }
+ }
+ }
+ }
+}
+
+/**
+ * @param {string} instancePath
+ * @param {{metrics: any}} vulnerability
+ * @param {*} entries
+ */
+const collectRefsInMetrics = (instancePath, vulnerability, entries) => {
+ const metrics = vulnerability.metrics
+ if (metrics) {
+ for (let i = 0; i < metrics.length; ++i) {
+ const metric = metrics[i]
+ const products = metric.products
+ if (products) {
+ for (let j = 0; j < products.length; ++j) {
+ const productId = products[j]
+ if (productId) {
+ entries.push({
+ id: productId,
+ instancePath: `${instancePath}/${i}/products/${j}`,
+ })
+ }
+ }
+ }
+ }
+ }
+}
+
+/**
+ * @param {string} instancePath
+ * @param {{remediations: any}} vulnerability
+ * @param {*} entries
+ */
+const collectProductRefsInRemediations = (
+ instancePath,
+ vulnerability,
+ entries
+) => {
+ const remediations = vulnerability.remediations
+ if (remediations) {
+ for (let i = 0; i < remediations.length; ++i) {
+ const remediation = remediations[i]
+ const productIds = remediation.product_ids
+ if (productIds) {
+ for (let j = 0; j < productIds.length; ++j) {
+ const productId = productIds[j]
+ if (productId) {
+ entries.push({
+ id: productId,
+ instancePath: `${instancePath}/${i}/product_ids/${j}`,
+ })
+ }
+ }
+ }
+ }
+ }
+}
+
+/**
+ * @param {{id: string}[]} entries
+ * @param {{id: string, instancePath: string}[]} refs
+ */
+const findMissingDefinitions = (entries, refs) => {
+ return refs.filter(
+ (ref) => entries.find((e) => e.id === ref.id) === undefined
+ )
+}
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_11.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_11.js
new file mode 100644
index 00000000..c0f3d920
--- /dev/null
+++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_11.js
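Review bot: `collectProductIdRefs` never visits `vulnerabilities[].flags[].product_ids`, so a flag that names an undefined product id is not reported although the whole point of 6.1.1 is to catch every dangling product reference; CSAF 2.0's 6.1.1 lists that path and I would expect the 2.1 draft to keep it — verify against the spec and against the existing `lib/` implementation this file was ported from. Independently, `findMissingDefinitions` calls `entries.find` once per reference, which is quadratic in the number of products; large vendor advisories routinely carry thousands, and a `Set` of known ids makes the check linear. The unused `FullProductName`/`Branch` typedefs at the top of the file can be dropped. Proposed additions:
```javascript
      collectProductRefsInFlags(
        `/vulnerabilities/${i}/flags`,
        vulnerability,
        entries
      )
      // … unchanged: product_status, remediations, metrics, threats …

/**
 * @param {string} instancePath
 * @param {{flags: any}} vulnerability
 * @param {{id: string, instancePath: string}[]} entries
 */
const collectProductRefsInFlags = (instancePath, vulnerability, entries) => {
  vulnerability.flags?.forEach((flag, i) => {
    flag.product_ids?.forEach((productId, j) => {
      if (productId) {
        entries.push({
          id: productId,
          instancePath: `${instancePath}/${i}/product_ids/${j}`,
        })
      }
    })
  })
}

/**
 * @param {{id: string}[]} entries
 * @param {{id: string, instancePath: string}[]} refs
 */
const findMissingDefinitions = (entries, refs) => {
  // One pass over the definitions instead of a scan per reference.
  const knownIds = new Set(entries.map((e) => e.id))
  return refs.filter((ref) => !knownIds.has(ref.id))
}
```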
@@ -0,0 +1,96 @@
+import Ajv from 'ajv/dist/jtd.js'
+import { cwecMap } from '../../lib/cwec.js'
+
+const ajv = new Ajv()
+
+/*
+ This is the jtd schema that needs to match the input document so that the
+ test is activated. If this schema doesn't match it normally means that the input
+ document does not validate against the csaf json schema or optional fields that
+ the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ vulnerabilities: {
+ elements: {
+ additionalProperties: true,
+ properties: {
+ cwes: {
+ elements: {
+ additionalProperties: true,
+ properties: {},
+ },
+ },
+ },
+ },
+ },
+ },
+})
+
+const validateInput = ajv.compile(inputSchema)
+
+const cweSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ id: { type: 'string' },
+ version: { type: 'string' },
+ name: { type: 'string' },
+ },
+})
+
+const validateCWE = ajv.compile(cweSchema)
+
+/**
+ * This implements the mandatory test 6.1.11 of the CSAF 2.1 standard.
+ *
+ * @param {any} doc
+ */
+export async function mandatoryTest_6_1_11(doc) {
+ /** @type {Array<{ message: string; instancePath: string }>} */
+ const errors = []
+ let isValid = true
+
+ if (!validateInput(doc)) {
+ return { errors, isValid }
+ }
+
+ for (let i = 0; i < doc.vulnerabilities.length; ++i) {
+ const vulnerability = doc.vulnerabilities[i]
+ for (let j = 0; j < vulnerability.cwes.length; ++j) {
+ const cwe = vulnerability.cwes.at(i)
+ if (validateCWE(cwe)) {
+ const cwec = cwecMap.get(cwe.version)
+ if (!cwec) {
+ isValid = false
+ errors.push({
+ instancePath: `/vulnerabilities/${i}/cwes/${j}/version`,
+ message: 'no such cwe version is recognized',
+ })
+ continue
+ }
+ const entry = (await cwec()).default.weaknesses.find(
+ (w) => w.id === cwe.id
+ )
+ if (!entry) {
+ isValid = false
+ errors.push({
+ instancePath: `/vulnerabilities/${i}/cwes/${j}/id`,
+ message: `no weakness with this id is recognized in CWE ${cwe.version}`,
+ })
+ continue
+ }
+ if (entry.name !== cwe.name) {
+ isValid = false
+ errors.push({
+ instancePath: `/vulnerabilities/${i}/cwes/${j}/name`,
+ message: 'the name does not match the weakness with the given id',
+ })
+ continue
+ }
+ }
+ }
+ }
+
+ return { isValid, errors }
+}
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34.js
new file mode 100644
index 00000000..3fcef2d6
--- /dev/null
+++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34.js
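Review bot: `const cwe = vulnerability.cwes.at(i)` indexes the CWE list with the vulnerability index `i` where the inner loop index `j` is meant, so every pass of the inner loop inspects the same element `cwes[i]`, CWE entries beyond a vulnerability's own index are never checked (for `i >= cwes.length` the lookup is `undefined`, `validateCWE` fails and the entry is silently skipped), and the reported `…/cwes/${j}/…` paths point at an element that was not the one examined; it should read `const cwe = vulnerability.cwes[j]`. Second, `cwes` sits under `properties` (required) in `inputSchema`, so a single vulnerability without a `cwes` array makes `validateInput` fail and the test returns valid for the whole document, including vulnerabilities whose CWEs are wrong; if `cwes` is optional in the 2.1 schema, move it to `optionalProperties` and iterate `vulnerability.cwes ?? []`. Finally, `await cwec()` runs once per CWE entry — memoising the loaded catalogue per `cwe.version` outside the inner loop avoids re-importing the same data for every entry.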
@@ -0,0 +1,85 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+/*
+ The maximum allowed nesting level of branches.
+ */
+const MAX_DEPTH = 30
+
+const ajv = new Ajv()
+
+const branchSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ optionalProperties: {
+ branches: {
+ elements: {
+ additionalProperties: true,
+ properties: {},
+ },
+ },
+ },
+})
+
+const validateBranch = ajv.compile(branchSchema)
+
+/*
+ This is the jtd schema that needs to match the input document so that the
+ test is activated. If this schema doesn't match it normally means that the input
+ document does not validate against the csaf json schema or optional fields that
+ the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ product_tree: branchSchema,
+ },
+})
+
+const validate = ajv.compile(inputSchema)
+
+/**
+ * This implements the mandatory test 6.1.34 of the CSAF 2.1 standard.
+ *
+ * @param {any} doc
+ */
+export function mandatoryTest_6_1_34(doc) {
+ /*
+ The `ctx` variable holds the state that is accumulated during the test ran and is
+ finally returned by the function.
+ */
+ const ctx = {
+ errors:
+ /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+ isValid: true,
+ }
+
+ if (!validate(doc)) {
+ return ctx
+ }
+
+ /**
+ * This recursive function checks if the given branch is too deep. A maximum of 30
+ * levels is allowed.
+ *
+ * @param {import('./mandatoryTest_6_1_34/types').TypeOf} branch
+ * @param {string} prefix The json path to the given branch.
+ * Is used to generate the error messages.
+ */
+ const checkBranch = (branch, prefix, count = 0) => {
+ if (!branch.branches?.length && count > MAX_DEPTH) {
+ ctx.isValid = false
+ ctx.errors.push({
+ instancePath: prefix,
+ message: `branch structure nesting exceeds ${MAX_DEPTH} branches (it is ${count} levels deep)`,
+ })
+ return
+ }
+ branch.branches?.forEach((branch, index) => {
+ if (!validateBranch(branch)) return
+ checkBranch(branch, `${prefix}/branches/${index}`, count + 1)
+ })
+ }
+
+ checkBranch(doc.product_tree, '/product_tree')
+
+ return ctx
+}
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34/types.ts b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34/types.ts
new file mode 100644
index 00000000..291b2d19
--- /dev/null
+++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_34/types.ts
@@ -0,0 +1,3 @@
+import { ValidateFunction } from 'ajv'
+
+export type TypeOf = T extends ValidateFunction ? R : never
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_35.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_35.js
new file mode 100644
index 00000000..b74c95f0
--- /dev/null
+++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_35.js
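Review bot: `checkBranch` keeps recursing past `MAX_DEPTH` and only reports once it reaches a leaf, so a crafted advisory with a few thousand nested `branches` objects — trivial to generate, and `JSON.parse` builds it without complaint — exhausts the call stack and the test throws a `RangeError` instead of returning a validation error; for a library that is fed third-party documents the recursion should be bounded by the limit it enforces. Replacing the guard with `if (count > MAX_DEPTH) {` (report and `return` at the first branch beyond the limit) caps the recursion at 31 levels and still flags every violating subtree exactly once; if reporting the deepest leaf is a requirement, at least stop descending after the first report. The `count` parameter is missing from the JSDoc — add `@param {number} [count] Depth of \`branch\` below \`/product_tree\` (0 for the root)`.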
@@ -0,0 +1,209 @@
+import Ajv from 'ajv/dist/jtd.js'
+
+const ajv = new Ajv()
+
+/**
+ * @typedef {'workaround'
+ * | 'mitigation'
+ * | 'vendor_fix'
+ * | 'optional_patch'
+ * | 'none_available'
+ * | 'fix_planned'
+ * | 'no_fix_planned'} Category
+ */
+
+/**
+ * This map holds prohibited category combinations.
+ * See https://github.com/oasis-tcs/csaf/blob/master/csaf_2.1/prose/share/csaf-v2.1-draft.md#324131-vulnerabilities-property---remediations---category-
+ *
+ * @type {Map>}
+ */
+const prohibitionRuleMap = new Map(
+ /** @satisfies {Array<[Category, Category[]]>} */ ([
+ ['workaround', ['optional_patch', 'none_available']],
+ ['mitigation', ['optional_patch', 'none_available']],
+ [
+ 'vendor_fix',
+ ['optional_patch', 'none_available', 'fix_planned', 'no_fix_planned'],
+ ],
+ [
+ 'optional_patch',
+ [
+ 'workaround',
+ 'mitigation',
+ 'vendor_fix',
+ 'none_available',
+ 'fix_planned',
+ 'no_fix_planned',
+ ],
+ ],
+ [
+ 'none_available',
+ [
+ 'workaround',
+ 'mitigation',
+ 'vendor_fix',
+ 'optional_patch',
+ 'fix_planned',
+ 'no_fix_planned',
+ ],
+ ],
+ [
+ 'fix_planned',
+ ['vendor_fix', 'optional_patch', 'none_available', 'no_fix_planned'],
+ ],
+ [
+ 'no_fix_planned',
+ ['vendor_fix', 'optional_patch', 'none_available', 'fix_planned'],
+ ],
+ ]).map((e) => [e[0], new Set(e[1])])
+)
+
+const remediationSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ optionalProperties: {
+ group_ids: {
+ elements: {
+ type: 'string',
+ },
+ },
+ product_ids: {
+ elements: {
+ type: 'string',
+ },
+ },
+ category: { type: 'string' },
+ },
+})
+
+/*
+ This is the jtd schema that needs to match the input document so that the
+ test is activated. If this schema doesn't match it normally means that the input
+ document does not validate against the csaf json schema or optional fields that
+ the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ optionalProperties: {
+ product_tree: {
+ additionalProperties: true,
+ optionalProperties: {
+ product_groups: {
+ elements: {
+ additionalProperties: true,
+ optionalProperties: {
+ group_id: { type: 'string' },
+ product_ids: {
+ elements: {
+ type: 'string',
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ properties: {
+ vulnerabilities: {
+ elements: {
+ additionalProperties: true,
+ optionalProperties: {
+ remediations: {
+ elements: remediationSchema,
+ },
+ },
+ },
+ },
+ },
+})
+
+const validate = ajv.compile(inputSchema)
+
+/**
+ * This implements the mandatory test of the CSAF 2.1 standard.
+ *
+ * @param {any} doc
+ */
+export function mandatoryTest_6_1_35(doc) {
+ /*
+ The `ctx` variable holds the state that is accumulated during the test ran and is
+ finally returned by the function.
+ */
+ const ctx = {
+ /** @type {Array<{ instancePath: string; message: string }>} */
+ errors: [],
+ isValid: true,
+ }
+
+ if (!validate(doc)) {
+ return ctx
+ }
+
+ for (const [vulnerabilityIndex, vulnerability] of Object.entries(
+ doc.vulnerabilities
+ )) {
+ /**
+ * This map holds all discovered product ids and maps them to the set of corresponding
+ * remediation categories. Later we can check this map to find out if there are any
+ * contradicting remediations.
+ *
+ * @type {Map>}
+ */
+ const productToCategoriesMap = new Map()
+
+ vulnerability.remediations?.forEach((remediation, remediationIndex) => {
+ const category = remediation.category
+ if (!category) return
+
+ /**
+ * This function adds the current category to the given product id in the
+ * `productMap`. If the product does not yet exist in the map, it is added.
+ *
+ * @param {string} id
+ */
+ const collectCategory = (id) => {
+ productToCategoriesMap.set(
+ id,
+ new Set(productToCategoriesMap.get(id)).add(category)
+ )
+ }
+
+ remediation.product_ids?.forEach(collectCategory)
+
+ remediation.group_ids?.forEach((id) => {
+ const group = doc.product_tree?.product_groups?.find(
+ (g) => g.group_id === id
+ )
+ if (!group) return
+ group.product_ids?.forEach(collectCategory)
+ })
+
+ for (const [productId, categories] of productToCategoriesMap) {
+ /**
+ * This set will hold all already checked categories to avoid double checks
+ * and doubled error messages.
+ */
+ const checkedCategories = new Set()
+
+ for (const categoryA of categories) {
+ checkedCategories.add(categoryA)
+
+ for (const categoryB of categories) {
+ if (checkedCategories.has(categoryB)) continue
+
+ if (prohibitionRuleMap.get(categoryA)?.has(categoryB)) {
+ ctx.errors.push({
+ instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}`,
+ message: `contradicting remediation categories for product id "${productId}": ${categoryA}, ${categoryB}`,
+ })
+ ctx.isValid = false
+ }
+ }
+ }
+ }
+ })
+ }
+
+ return ctx
+}
diff --git a/csaf_2_1/mandatoryTests/mandatoryTest_6_1_8.js b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_8.js
new file mode 100644
index 00000000..5b70e62b
--- /dev/null
+++ b/csaf_2_1/mandatoryTests/mandatoryTest_6_1_8.js
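Review bot: the contradiction check `for (const [productId, categories] of productToCategoriesMap)` runs inside `remediations.forEach`, re-scanning the whole accumulated map after every remediation, so a conflict first detected at remediation 1 is reported again at remediation 2, 3, … for the rest of the vulnerability (`checkedCategories` only deduplicates within one pass), and the `instancePath` of those repeats points at remediations that did not contribute to the conflict, even ones for unrelated products. Comparing each newly seen category against the ones already recorded for that product at the moment it is added reports every conflicting pair exactly once and attributes it to the remediation that introduced it; the trailing per-remediation loop then goes away. The doc comment on `collectCategory` also refers to a `productMap` that does not exist — it should name `productToCategoriesMap`.
```javascript
      const collectCategory = (id) => {
        const seen = productToCategoriesMap.get(id) ?? new Set()
        // Check the new category against those already recorded for this
        // product so each conflicting pair is reported once, at the
        // remediation that introduces it.
        for (const existing of seen) {
          if (prohibitionRuleMap.get(category)?.has(existing)) {
            ctx.errors.push({
              instancePath: `/vulnerabilities/${vulnerabilityIndex}/remediations/${remediationIndex}`,
              message: `contradicting remediation categories for product id "${id}": ${existing}, ${category}`,
            })
            ctx.isValid = false
          }
        }
        productToCategoriesMap.set(id, seen.add(category))
      }

      remediation.product_ids?.forEach(collectCategory)
      // … unchanged: group_ids resolution via product_tree.product_groups …
      // (the trailing `for (const [productId, categories] of productToCategoriesMap)` block is removed)
```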
@@ -0,0 +1,124 @@
+import Ajv from 'ajv/dist/jtd.js'
+import csafAjv from '../../lib/shared/csafAjv.js'
+
+const jtdAjv = new Ajv()
+
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ optionalProperties: {
+ vulnerabilities: {
+ elements: {
+ additionalProperties: true,
+ optionalProperties: {
+ metrics: {
+ elements: {
+ additionalProperties: true,
+ optionalProperties: {
+ content: {
+ additionalProperties: true,
+ optionalProperties: {
+ cvss_v2: {
+ additionalProperties: true,
+ properties: {},
+ },
+ cvss_v3: {
+ additionalProperties: true,
+ properties: {},
+ },
+ cvss_v4: {
+ additionalProperties: true,
+ properties: {},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+})
+
+const validate = jtdAjv.compile(inputSchema)
+
+const validate_2_0 = csafAjv.compile({
+ $ref: 'https://www.first.org/cvss/cvss-v2.0.json',
+})
+
+const validate_3 = csafAjv.compile({
+ oneOf: [
+ {
+ $ref: 'https://www.first.org/cvss/cvss-v3.0.json',
+ },
+ {
+ $ref: 'https://www.first.org/cvss/cvss-v3.1.json',
+ },
+ ],
+})
+
+const validate_4_0 = csafAjv.compile({
+ $ref: 'https://www.first.org/cvss/cvss-v4.0.json',
+})
+
+/**
+ * @param {any} doc
+ */
+export function mandatoryTest_6_1_8(doc) {
+ const ctx = {
+ errors:
+ /** @type {Array<{ instancePath: string; message: string }>} */ ([]),
+ isValid: true,
+ }
+
+ if (!validate(doc)) {
+ return ctx
+ }
+
+ for (const [
+ vulnerabilityIndex,
+ vulnerability,
+ ] of doc.vulnerabilities?.entries() ?? []) {
+ for (const [metricIndex, metric] of vulnerability.metrics?.entries() ??
+ []) {
+ if (metric?.content?.cvss_v2) {
+ const valid = validate_2_0(metric?.content.cvss_v2)
+ if (!valid) {
+ ctx.isValid = false
+ for (const err of validate_2_0.errors ?? []) {
+ ctx.errors.push({
+ instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v2${err.instancePath}`,
+ message: err.message ?? '',
+ })
+ }
+ }
+ }
+ if (metric?.content?.cvss_v3) {
+ const valid = validate_3(metric?.content?.cvss_v3)
+ if (!valid) {
+ ctx.isValid = false
+ for (const err of validate_3.errors ?? []) {
+ ctx.errors.push({
+ instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v3${err.instancePath}`,
+ message: err.message ?? '',
+ })
+ }
+ }
+ }
+ if (metric?.content?.cvss_v4) {
+ const valid = validate_4_0(metric?.content?.cvss_v4)
+ if (!valid) {
+ ctx.isValid = false
+ for (const err of validate_4_0.errors ?? []) {
+ ctx.errors.push({
+ instancePath: `/vulnerabilities/${vulnerabilityIndex}/metrics/${metricIndex}/content/cvss_v4${err.instancePath}`,
+ message: err.message ?? '',
+ })
+ }
+ }
+ }
+ }
+ }
+
+ return ctx
+}
diff --git a/csaf_2_1/optionalTests.js b/csaf_2_1/optionalTests.js
new file mode 100644
index 00000000..be281583
--- /dev/null
+++ b/csaf_2_1/optionalTests.js
@@ -0,0 +1,23 @@
+export {
+ optionalTest_6_2_1,
+ optionalTest_6_2_2,
+ optionalTest_6_2_3,
+ optionalTest_6_2_4,
+ optionalTest_6_2_5,
+ optionalTest_6_2_6,
+ optionalTest_6_2_7,
+ optionalTest_6_2_8,
+ optionalTest_6_2_9,
+ optionalTest_6_2_10,
+ optionalTest_6_2_11,
+ optionalTest_6_2_12,
+ optionalTest_6_2_13,
+ optionalTest_6_2_14,
+ optionalTest_6_2_15,
+ optionalTest_6_2_16,
+ optionalTest_6_2_17,
+ optionalTest_6_2_18,
+ optionalTest_6_2_19,
+ optionalTest_6_2_20,
+} from '../optionalTests.js'
+export { optionalTest_6_2_25 } from './optionalTests/optionalTest_6_2_25.js'
diff --git a/csaf_2_1/optionalTests/optionalTest_6_2_25.js b/csaf_2_1/optionalTests/optionalTest_6_2_25.js
new file mode 100644
index 00000000..4f1d1732
--- /dev/null
+++ b/csaf_2_1/optionalTests/optionalTest_6_2_25.js
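Review bot: The exported function carries only `@param {any} doc`, while the sibling tests added in this commit open their JSDoc with a description; add `This implements the mandatory test 6.1.8 of the CSAF 2.1 standard.` above the `@param` line and state that CVSS v2.0, v3.0/v3.1 and v4.0 content is checked. The validator names are inconsistent: `validate_2_0` and `validate_4_0` carry the minor version but the `oneOf` validator is `validate_3`; either `validate_3_x` or a comment `// CVSS v3.0 and v3.1 share one validator` would make the intent clear. Optional chaining is applied unevenly as well (`metric?.content.cvss_v2` next to `metric?.content?.cvss_v3`); pick one form. The `$ref`s to first.org URLs presumably resolve against schemas pre-registered in `csafAjv` rather than being fetched at runtime — a one-line comment confirming that would save the next reader the check, since Ajv does not resolve unknown remote references on its own and would fail at module load.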
@@ -0,0 +1,98 @@
+import Ajv from 'ajv/dist/jtd.js'
+import { cwecMap } from '../../lib/cwec.js'
+
+const ajv = new Ajv()
+
+/*
+ This is the jtd schema that needs to match the input document so that the
+ test is activated. If this schema doesn't match it normally means that the input
+ document does not validate against the csaf json schema or optional fields that
+ the test checks are not present.
+ */
+const inputSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ vulnerabilities: {
+ elements: {
+ additionalProperties: true,
+ properties: {
+ cwes: {
+ elements: {
+ additionalProperties: true,
+ properties: {},
+ },
+ },
+ },
+ },
+ },
+ },
+})
+
+const validateInput = ajv.compile(inputSchema)
+
+const cweSchema = /** @type {const} */ ({
+ additionalProperties: true,
+ properties: {
+ id: { type: 'string' },
+ version: { type: 'string' },
+ name: { type: 'string' },
+ },
+})
+
+const validateCWE = ajv.compile(cweSchema)
+
+/**
+ * This implements the optional test 6.2.25 of the CSAF 2.1 standard.
+ *
+ * @param {any} doc
+ */
+export async function optionalTest_6_2_25(doc) {
+ /** @type {Array<{ message: string; instancePath: string }>} */
+ const warnings = []
+ const context = { warnings }
+
+ if (!validateInput(doc)) {
+ return context
+ }
+
+ for (let i = 0; i < doc.vulnerabilities.length; ++i) {
+ const vulnerability = doc.vulnerabilities[i]
+ for (let j = 0; j < vulnerability.cwes.length; ++j) {
+ const cwe = vulnerability.cwes.at(j)
+ if (validateCWE(cwe)) {
+ const cwec = cwecMap.get(cwe.version)
+ if (!cwec) {
+ context.warnings.push({
+ instancePath: `/vulnerabilities/${i}/cwes/${j}/version`,
+ message: 'no such cwe version is recognized',
+ })
+ continue
+ }
+ const entry = (await cwec()).default.weaknesses.find(
+ (w) => w.id === cwe.id
+ )
+ if (!entry) {
+ context.warnings.push({
+ instancePath: `/vulnerabilities/${i}/cwes/${j}/id`,
+ message: `no weakness with this id is recognized in CWE ${cwe.version}`,
+ })
+ continue
+ }
+ //NOTE: the usage property is not available in cwe version 4.11 and older
+ if (
+ entry.usage !== 'Allowed' &&
+ entry.usage !== 'Allowed-with-Review'
+ ) {
+ context.warnings.push({
+ instancePath: `/vulnerabilities/${i}/cwes/${j}/id`,
+ message:
+ 'the usage of the weakness with the given id is not allowed',
+ })
+ continue
+ }
+ }
+ }
+ }
+
+ return context
+}
diff --git a/csaf_2_1/schemaTests.js b/csaf_2_1/schemaTests.js
new file mode 100644
index 00000000..bee19515
--- /dev/null
+++ b/csaf_2_1/schemaTests.js
@@ -0,0 +1,2 @@
+export { default as csaf_2_1_strict } from './schemaTests/csaf_2_1_strict.js'
+export { default as csaf_2_1 } from './schemaTests/csaf_2_1.js'
diff --git a/csaf_2_1/schemaTests/csaf_2_1.js b/csaf_2_1/schemaTests/csaf_2_1.js
new file mode 100644
index 00000000..cef04aa1
--- /dev/null
+++ b/csaf_2_1/schemaTests/csaf_2_1.js
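Review bot: `inputSchema` places `cwes` under the vulnerability element's `properties`, which JTD treats as required, so a document in which any single vulnerability has no `cwes` fails `validateInput(doc)` and the test returns without inspecting the vulnerabilities that do carry CWEs. The CSAF 2.1 schema added in this commit appears not to require `cwes` on a vulnerability (its items carry `minProperties: 1` with no `required` list visible), and the sibling 6.1.8 test uses `optionalProperties` for exactly this situation. Move `cwes` under `optionalProperties` in the element schema and iterate with `for (const [j, cwe] of vulnerability.cwes?.entries() ?? []) {`, dropping the `const cwe = vulnerability.cwes.at(j)` line. Entries rejected by `validateCWE(cwe)` are skipped silently, which is acceptable because the schema test reports them, but a one-line comment saying so at that `if` would spare the next reader the question.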
@@ -0,0 +1,26 @@
+import csafAjv from '../../lib/shared/csafAjv.js'
+import schema from './csaf_2_1/schema.js'
+
+const validate = csafAjv.compile(schema)
+
+/**
+ * @param {any} doc
+ */
+export default function csaf_2_1(doc) {
+ let isValid = validate(doc)
+ /**
+ *
+ * @type {Array<{
+ * message?: string
+ * instancePath: string
+ * }>}
+ */
+ const errors = validate.errors ?? []
+ return {
+ isValid,
+ errors: errors.map((e) => ({
+ ...e,
+ message: e.message ?? 'unexpected empty error message',
+ })),
+ }
+}
diff --git a/csaf_2_1/schemaTests/csaf_2_1/schema.js b/csaf_2_1/schemaTests/csaf_2_1/schema.js
new file mode 100644
index 00000000..e2d53e2b
--- /dev/null
+++ b/csaf_2_1/schemaTests/csaf_2_1/schema.js
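Review bot: `let isValid = validate(doc)` is never reassigned; make it `const isValid = validate(doc)`. The JSDoc above `export default function csaf_2_1(doc)` has no description; add a sentence stating that it validates the document against the bundled CSAF 2.1 JSON schema and returns the shared `{ isValid, errors }` result shape, with every error message defaulted to a non-empty string. The empty `*` line at the top of the `@type` comment on `errors` can be dropped as well.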
@@ -0,0 +1,1485 @@ +export default { + $schema: 'https://json-schema.org/draft/2020-12/schema', + $id: 'https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json', + title: 'Common Security Advisory Framework', + description: + 'Representation of security advisory information as a JSON document.', + type: 'object', + $defs: { + acknowledgments_t: { + title: 'List of acknowledgments', + description: 'Contains a list of acknowledgment elements.', + type: 'array', + minItems: 1, + items: { + title: 'Acknowledgment', + description: + 'Acknowledges contributions by describing those that contributed.', + type: 'object', + minProperties: 1, + properties: { + names: { + title: 'List of acknowledged names', + description: 'Contains the names of contributors being recognized.', + type: 'array', + minItems: 1, + items: { + title: 'Name of the contributor', + description: + 'Contains the name of a single contributor being recognized.', + type: 'string', + minLength: 1, + examples: ['Albert Einstein', 'Johann Sebastian Bach'], + }, + }, + organization: { + title: 'Contributing organization', + description: + 'Contains the name of a contributing organization being recognized.', + type: 'string', + minLength: 1, + examples: ['CISA', 'Google Project Zero', 'Talos'], + }, + summary: { + title: 'Summary of the acknowledgment', + description: + 'SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.', + type: 'string', + minLength: 1, + examples: [ + 'First analysis of Coordinated Multi-Stream Attack (CMSA)', + ], + }, + urls: { + title: 'List of URLs', + description: + 'Specifies a list of URLs or location of the reference to be acknowledged.', + type: 'array', + minItems: 1, + items: { + title: 'URL of acknowledgment', + description: + 'Contains the URL or location of the reference to be acknowledged.', + type: 'string', + format: 'uri', + }, + }, + }, + }, + }, + branches_t: { + title: 'List of 
branches', + description: + 'Contains branch elements as children of the current element.', + type: 'array', + minItems: 1, + items: { + title: 'Branch', + description: + 'Is a part of the hierarchical structure of the product tree.', + type: 'object', + maxProperties: 3, + minProperties: 3, + required: ['category', 'name'], + properties: { + branches: { + $ref: '#/$defs/branches_t', + }, + category: { + title: 'Category of the branch', + description: 'Describes the characteristics of the labeled branch.', + type: 'string', + enum: [ + 'architecture', + 'host_name', + 'language', + 'legacy', + 'patch_level', + 'platform', + 'product_family', + 'product_name', + 'product_version', + 'product_version_range', + 'service_pack', + 'specification', + 'vendor', + ], + }, + name: { + title: 'Name of the branch', + description: + "Contains the canonical descriptor or 'friendly name' of the branch.", + type: 'string', + minLength: 1, + examples: [ + '10', + '365', + 'Microsoft', + 'Office', + 'PCS 7', + 'SIMATIC', + 'Siemens', + 'Windows', + ], + }, + product: { + $ref: '#/$defs/full_product_name_t', + }, + }, + }, + }, + full_product_name_t: { + title: 'Full product name', + description: + 'Specifies information about the product and assigns the product_id.', + type: 'object', + required: ['name', 'product_id'], + properties: { + name: { + title: 'Textual description of the product', + description: + 'The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.', + type: 'string', + minLength: 1, + examples: [ + 'Cisco AnyConnect Secure Mobility Client 2.3.185', + 'Microsoft Host Integration Server 2006 Service Pack 1', + ], + }, + product_id: { + $ref: '#/$defs/product_id_t', + }, + product_identification_helper: { + title: 'Helper to identify the product', + description: + 'Provides at least one method which aids in identifying the product in an asset database.', + type: 'object', + 
minProperties: 1, + properties: { + cpe: { + title: 'Common Platform Enumeration representation', + description: + 'The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification.', + type: 'string', + pattern: + '^((cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:\\/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6}))$', + minLength: 5, + }, + hashes: { + title: 'List of hashes', + description: + 'Contains a list of cryptographic hashes usable to identify files.', + type: 'array', + minItems: 1, + items: { + title: 'Cryptographic hashes', + description: + 'Contains all information to identify a file based on its cryptographic hash values.', + type: 'object', + required: ['file_hashes', 'filename'], + properties: { + file_hashes: { + title: 'List of file hashes', + description: + 'Contains a list of cryptographic hashes for this file.', + type: 'array', + minItems: 1, + items: { + title: 'File hash', + description: + 'Contains one hash value and algorithm of the file to be identified.', + type: 'object', + required: ['algorithm', 'value'], + properties: { + algorithm: { + title: 'Algorithm of the cryptographic hash', + description: + 'Contains the name of the cryptographic hash algorithm used to calculate the value.', + type: 'string', + default: 'sha256', + minLength: 1, + examples: [ + 'blake2b512', + 'sha256', + 'sha3-512', + 'sha384', + 'sha512', + ], + }, + value: { + title: 'Value of the cryptographic hash', + description: + 'Contains the cryptographic hash value in hexadecimal representation.', + type: 'string', + pattern: '^[0-9a-fA-F]{32,}$', + minLength: 32, + examples: [ + 
'37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3', + '4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc', + '9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c', + ], + }, + }, + }, + }, + filename: { + title: 'Filename', + description: + 'Contains the name of the file which is identified by the hash values.', + type: 'string', + minLength: 1, + examples: ['WINWORD.EXE', 'msotadddin.dll', 'sudoers.so'], + }, + }, + }, + }, + model_numbers: { + title: 'List of models', + description: + 'Contains a list of full or abbreviated (partial) model numbers.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'Model number', + description: + 'Contains a full or abbreviated (partial) model number of the component to identify.', + type: 'string', + minLength: 1, + }, + }, + purl: { + title: 'package URL representation', + description: + 'The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.', + type: 'string', + format: 'uri', + pattern: '^pkg:[A-Za-z\\.\\-\\+][A-Za-z0-9\\.\\-\\+]*\\/.+', + minLength: 7, + }, + sbom_urls: { + title: 'List of SBOM URLs', + description: + 'Contains a list of URLs where SBOMs for this product can be retrieved.', + type: 'array', + minItems: 1, + items: { + title: 'SBOM URL', + description: 'Contains a URL of one SBOM for this product.', + type: 'string', + format: 'uri', + }, + }, + serial_numbers: { + title: 'List of serial numbers', + description: + 'Contains a list of full or abbreviated (partial) serial numbers.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'Serial number', + description: + 'Contains a full or abbreviated (partial) serial number of the component to identify.', + type: 'string', + minLength: 1, + }, + }, + skus: { + title: 'List of stock keeping 
units', + description: + 'Contains a list of full or abbreviated (partial) stock keeping units.', + type: 'array', + minItems: 1, + items: { + title: 'Stock keeping unit', + description: + 'Contains a full or abbreviated (partial) stock keeping unit (SKU) which is used in the ordering process to identify the component.', + type: 'string', + minLength: 1, + }, + }, + x_generic_uris: { + title: 'List of generic URIs', + description: + 'Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.', + type: 'array', + minItems: 1, + items: { + title: 'Generic URI', + description: + 'Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.', + type: 'object', + required: ['namespace', 'uri'], + properties: { + namespace: { + title: 'Namespace of the generic URI', + description: + 'Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.', + type: 'string', + format: 'uri', + }, + uri: { + title: 'URI', + description: 'Contains the identifier itself.', + type: 'string', + format: 'uri', + }, + }, + }, + }, + }, + }, + }, + }, + lang_t: { + title: 'Language type', + description: + 'Identifies a language, corresponding to IETF BCP 47 / RFC 5646. 
See IETF language registry: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry', + type: 'string', + pattern: + '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])$', + examples: ['de', 'en', 'fr', 'frc', 'jp'], + }, + notes_t: { + title: 'List of notes', + description: 'Contains notes which are specific to the current context.', + type: 'array', + minItems: 1, + items: { + title: 'Note', + description: + 'Is a place to put all manner of text blobs related to the current context.', + type: 'object', + required: ['category', 'text'], + properties: { + audience: { + title: 'Audience of note', + description: 'Indicates who is intended to read it.', + type: 'string', + minLength: 1, + examples: [ + 'all', + 'executives', + 'operational management and system administrators', + 'safety engineers', + ], + }, + category: { + title: 'Note category', + description: + 'Contains the information of what kind of note this is.', + type: 'string', + enum: [ + 'description', + 'details', + 'faq', + 'general', + 'legal_disclaimer', + 'other', + 'summary', + ], + }, + text: { + title: 'Note content', + description: + 'Holds the content of the note. 
Content varies depending on type.', + type: 'string', + minLength: 1, + }, + title: { + title: 'Title of note', + description: + 'Provides a concise description of what is contained in the text of the note.', + type: 'string', + minLength: 1, + examples: [ + 'Details', + 'Executive summary', + 'Technical summary', + 'Impact on safety systems', + ], + }, + }, + }, + }, + product_group_id_t: { + title: 'Reference token for product group instance', + description: + 'Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document.', + type: 'string', + minLength: 1, + examples: ['CSAFGID-0001', 'CSAFGID-0002', 'CSAFGID-0020'], + }, + product_groups_t: { + title: 'List of product_group_ids', + description: + 'Specifies a list of product_group_ids to give context to the parent item.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + $ref: '#/$defs/product_group_id_t', + }, + }, + product_id_t: { + title: 'Reference token for product instance', + description: + 'Token required to identify a full_product_name so that it can be referred to from other parts in the document. 
There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.', + type: 'string', + minLength: 1, + examples: ['CSAFPID-0004', 'CSAFPID-0008'], + }, + products_t: { + title: 'List of product_ids', + description: + 'Specifies a list of product_ids to give context to the parent item.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + $ref: '#/$defs/product_id_t', + }, + }, + references_t: { + title: 'List of references', + description: 'Holds a list of references.', + type: 'array', + minItems: 1, + items: { + title: 'Reference', + description: + 'Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.', + type: 'object', + required: ['summary', 'url'], + properties: { + category: { + title: 'Category of reference', + description: + 'Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.', + type: 'string', + default: 'external', + enum: ['external', 'self'], + }, + summary: { + title: 'Summary of the reference', + description: 'Indicates what this reference refers to.', + type: 'string', + minLength: 1, + }, + url: { + title: 'URL of reference', + description: 'Provides the URL for the reference.', + type: 'string', + format: 'uri', + }, + }, + }, + }, + version_t: { + title: 'Version', + description: + 'Specifies a version string to denote clearly the evolution of the content of the document. 
Format must be either integer or semantic versioning.', + type: 'string', + pattern: + '^(0|[1-9][0-9]*)$|^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)$', + examples: ['1', '4', '0.9.0', '1.4.3', '2.40.0+21AF26D3'], + }, + }, + required: ['$schema', 'document'], + properties: { + $schema: { + title: 'JSON schema', + description: + 'Contains the URL of the CSAF JSON schema which the document promises to be valid for.', + type: 'string', + enum: [ + 'https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json', + ], + format: 'uri', + }, + document: { + title: 'Document level meta-data', + description: + 'Captures the meta-data about this document describing a particular set of security advisories.', + type: 'object', + required: [ + 'category', + 'csaf_version', + 'distribution', + 'publisher', + 'title', + 'tracking', + ], + properties: { + acknowledgments: { + title: 'Document acknowledgments', + description: + 'Contains a list of acknowledgment elements associated with the whole document.', + $ref: '#/$defs/acknowledgments_t', + }, + aggregate_severity: { + title: 'Aggregate severity', + description: + "Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole — not any specific vulnerability. 
The range of values in this field is defined according to the document producer's policies and procedures.", + type: 'object', + required: ['text'], + properties: { + namespace: { + title: 'Namespace of aggregate severity', + description: 'Points to the namespace so referenced.', + type: 'string', + format: 'uri', + }, + text: { + title: 'Text of aggregate severity', + description: + 'Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS).', + type: 'string', + minLength: 1, + examples: ['Critical', 'Important', 'Moderate'], + }, + }, + }, + category: { + title: 'Document category', + description: + 'Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.', + type: 'string', + pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', + minLength: 1, + examples: [ + 'csaf_base', + 'csaf_security_advisory', + 'csaf_vex', + 'Example Company Security Notice', + ], + }, + csaf_version: { + title: 'CSAF version', + description: + 'Gives the version of the CSAF specification which the document was generated for.', + type: 'string', + enum: ['2.1'], + }, + distribution: { + title: 'Rules for sharing document', + description: + 'Describe any constraints on how this document might be shared.', + type: 'object', + required: ['tlp'], + properties: { + sharing_group: { + title: 'Sharing Group', + description: + 'Contains information about the group this document is intended to be shared with.', + type: 'object', + required: ['id'], + properties: { + id: { + title: 'Sharing Group ID', + description: 'Provides the unique ID for the sharing group.', + type: 'string', + format: 'uuid', + pattern: + '^(([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12})|([0]{8}-([0]{4}-){3}[0]{12})|([f]{8}-([f]{4}-){3}[f]{12}))$', + }, + name: { + title: 'Sharing Group Name', + description: + 'Contains a 
human-readable name for the sharing group.', + type: 'string', + minLength: 1, + examples: [ + 'Customer A', + 'ISAC members', + 'NIS2 regulated important entities in Germany, sector water', + 'Pre-Sharing group for advisory discussion', + 'Users of Product A', + 'US Federal Civilian Authorities', + ], + }, + }, + }, + text: { + title: 'Textual description', + description: + 'Provides a textual description of additional constraints.', + type: 'string', + minLength: 1, + examples: [ + 'Copyright 2021, Example Company, All Rights Reserved.', + 'Distribute freely.', + 'Share only on a need-to-know-basis only.', + ], + }, + tlp: { + title: 'Traffic Light Protocol (TLP)', + description: + 'Provides details about the TLP classification of the document.', + type: 'object', + required: ['label'], + properties: { + label: { + title: 'Label of TLP', + description: 'Provides the TLP label of the document.', + type: 'string', + default: 'CLEAR', + enum: ['AMBER', 'AMBER+STRICT', 'CLEAR', 'GREEN', 'RED'], + }, + url: { + title: 'URL of TLP version', + description: + 'Provides a URL where to find the textual description of the TLP version which is used in this document. 
Default is the URL to the definition by FIRST.', + type: 'string', + default: 'https://www.first.org/tlp/', + format: 'uri', + examples: [ + 'https://www.us-cert.gov/tlp', + 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf', + ], + }, + }, + }, + }, + }, + lang: { + title: 'Document language', + description: + 'Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.', + $ref: '#/$defs/lang_t', + }, + notes: { + title: 'Document notes', + description: 'Holds notes associated with the whole document.', + $ref: '#/$defs/notes_t', + }, + publisher: { + title: 'Publisher', + description: + 'Provides information about the publisher of the document.', + type: 'object', + required: ['category', 'name', 'namespace'], + properties: { + category: { + title: 'Category of publisher', + description: + 'Provides information about the category of publisher releasing the document.', + type: 'string', + enum: [ + 'coordinator', + 'discoverer', + 'multiplier', + 'other', + 'translator', + 'user', + 'vendor', + ], + }, + contact_details: { + title: 'Contact details', + description: + 'Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses.', + type: 'string', + minLength: 1, + examples: [ + 'Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact.', + ], + }, + issuing_authority: { + title: 'Issuing authority', + description: + "Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.", + type: 'string', + minLength: 1, + }, + name: { + title: 'Name of publisher', + description: 'Contains the name of the issuing party.', + type: 'string', + minLength: 1, + examples: ['BSI', 'Cisco PSIRT', 'Siemens ProductCERT'], + }, + namespace: { + title: 'Namespace of publisher', 
+ description: + 'Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party.', + type: 'string', + format: 'uri', + examples: ['https://csaf.io', 'https://www.example.com'], + }, + }, + }, + references: { + title: 'Document references', + description: + 'Holds a list of references associated with the whole document.', + $ref: '#/$defs/references_t', + }, + source_lang: { + title: 'Source language', + description: + 'If this copy of the document is a translation then the value of this property describes from which language this document was translated.', + $ref: '#/$defs/lang_t', + }, + title: { + title: 'Title of this document', + description: + 'This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents.', + type: 'string', + minLength: 1, + examples: [ + 'Cisco IPv6 Crafted Packet Denial of Service Vulnerability', + 'Example Company Cross-Site-Scripting Vulnerability in Example Generator', + ], + }, + tracking: { + title: 'Tracking', + description: + 'Is a container designated to hold all management attributes necessary to track a CSAF document as a whole.', + type: 'object', + required: [ + 'current_release_date', + 'id', + 'initial_release_date', + 'revision_history', + 'status', + 'version', + ], + properties: { + aliases: { + title: 'Aliases', + description: + 'Contains a list of alternate names for the same document.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'Alternate name', + description: + 'Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document.', + type: 'string', + minLength: 1, + examples: ['CVE-2019-12345'], + }, + }, + current_release_date: { + title: 'Current release date', + description: + 'The date when the current revision of this document was released', + type: 'string', + format: 'date-time', + }, + generator: { + title: 'Document 
generator', + description: + 'Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it.', + type: 'object', + required: ['engine'], + properties: { + date: { + title: 'Date of document generation', + description: + 'This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date.', + type: 'string', + format: 'date-time', + }, + engine: { + title: 'Engine of document generation', + description: + 'Contains information about the engine that generated the CSAF document.', + type: 'object', + required: ['name'], + properties: { + name: { + title: 'Engine name', + description: + 'Represents the name of the engine that generated the CSAF document.', + type: 'string', + minLength: 1, + examples: ['Red Hat rhsa-to-cvrf', 'Secvisogram', 'TVCE'], + }, + version: { + title: 'Engine version', + description: + 'Contains the version of the engine that generated the CSAF document.', + type: 'string', + minLength: 1, + examples: ['0.6.0', '1.0.0-beta+exp.sha.a1c44f85', '2'], + }, + }, + }, + }, + }, + id: { + title: 'Unique identifier for the document', + description: + 'The ID is a simple label that provides for a wide range of numbering values, types, and schemes. 
Its value SHOULD be assigned and maintained by the original document issuing authority.', + type: 'string', + pattern: '^[\\S](.*[\\S])?$', + minLength: 1, + examples: [ + 'Example Company - 2019-YH3234', + 'RHBA-2019:0024', + 'cisco-sa-20190513-secureboot', + ], + }, + initial_release_date: { + title: 'Initial release date', + description: 'The date when this document was first published.', + type: 'string', + format: 'date-time', + }, + revision_history: { + title: 'Revision history', + description: + 'Holds one revision item for each version of the CSAF document, including the initial one.', + type: 'array', + minItems: 1, + items: { + title: 'Revision', + description: + 'Contains all the information elements required to track the evolution of a CSAF document.', + type: 'object', + required: ['date', 'number', 'summary'], + properties: { + date: { + title: 'Date of the revision', + description: 'The date of the revision entry', + type: 'string', + format: 'date-time', + }, + legacy_version: { + title: 'Legacy version of the revision', + description: + 'Contains the version string used in an existing document with the same content.', + type: 'string', + minLength: 1, + }, + number: { + $ref: '#/$defs/version_t', + }, + summary: { + title: 'Summary of the revision', + description: + 'Holds a single non-empty string representing a short description of the changes.', + type: 'string', + minLength: 1, + examples: ['Initial version.'], + }, + }, + }, + }, + status: { + title: 'Document status', + description: 'Defines the draft status of the document.', + type: 'string', + enum: ['draft', 'final', 'interim'], + }, + version: { + $ref: '#/$defs/version_t', + }, + }, + }, + }, + }, + product_tree: { + title: 'Product tree', + description: + 'Is a container for all fully qualified product names that can be referenced elsewhere in the document.', + type: 'object', + minProperties: 1, + properties: { + branches: { + $ref: '#/$defs/branches_t', + }, + full_product_names: { 
+ title: 'List of full product names', + description: 'Contains a list of full product names.', + type: 'array', + minItems: 1, + items: { + $ref: '#/$defs/full_product_name_t', + }, + }, + product_groups: { + title: 'List of product groups', + description: 'Contains a list of product groups.', + type: 'array', + minItems: 1, + items: { + title: 'Product group', + description: + 'Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier.', + type: 'object', + required: ['group_id', 'product_ids'], + properties: { + group_id: { + $ref: '#/$defs/product_group_id_t', + }, + product_ids: { + title: 'List of Product IDs', + description: + 'Lists the product_ids of those products which known as one group in the document.', + type: 'array', + minItems: 2, + uniqueItems: true, + items: { + $ref: '#/$defs/product_id_t', + }, + }, + summary: { + title: 'Summary of the product group', + description: + 'Gives a short, optional description of the group.', + type: 'string', + minLength: 1, + examples: [ + 'Products supporting Modbus.', + 'The x64 versions of the operating system.', + ], + }, + }, + }, + }, + relationships: { + title: 'List of relationships', + description: 'Contains a list of relationships.', + type: 'array', + minItems: 1, + items: { + title: 'Relationship', + description: + 'Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.', + type: 'object', + required: [ + 'category', + 'full_product_name', + 'product_reference', + 'relates_to_product_reference', + ], + properties: { + category: { + title: 'Relationship category', + description: + 'Defines the category of relationship for the referenced component.', + type: 'string', + enum: [ + 'default_component_of', + 'external_component_of', + 'installed_on', + 'installed_with', + 
'optional_component_of', + ], + }, + full_product_name: { + $ref: '#/$defs/full_product_name_t', + }, + product_reference: { + title: 'Product reference', + description: + 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship.', + $ref: '#/$defs/product_id_t', + }, + relates_to_product_reference: { + title: 'Relates to product reference', + description: + 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship.', + $ref: '#/$defs/product_id_t', + }, + }, + }, + }, + }, + }, + vulnerabilities: { + title: 'Vulnerabilities', + description: + 'Represents a list of all relevant vulnerability information items.', + type: 'array', + minItems: 1, + items: { + title: 'Vulnerability', + description: + 'Is a container for the aggregation of all fields that are related to a single vulnerability in the document.', + type: 'object', + minProperties: 1, + properties: { + acknowledgments: { + title: 'Vulnerability acknowledgments', + description: + 'Contains a list of acknowledgment elements associated with this vulnerability item.', + $ref: '#/$defs/acknowledgments_t', + }, + cve: { + title: 'CVE', + description: + 'Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.', + type: 'string', + pattern: '^CVE-[0-9]{4}-[0-9]{4,}$', + }, + cwes: { + title: 'List of CWEs', + description: 'Contains a list of CWEs.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'CWE', + description: + 'Holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.', + type: 'object', + required: ['id', 'name', 'version'], + properties: { + id: { + title: 'Weakness ID', + description: 'Holds the ID for the weakness associated.', + type: 'string', + pattern: '^CWE-[1-9]\\d{0,5}$', + examples: ['CWE-22', 'CWE-352', 'CWE-79'], + }, + name: { + title: 'Weakness 
name', + description: + 'Holds the full name of the weakness as given in the CWE specification.', + type: 'string', + minLength: 1, + examples: [ + 'Cross-Site Request Forgery (CSRF)', + "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + ], + }, + version: { + title: 'CWE version', + description: + 'Holds the version string of the CWE specification this weakness was extracted from.', + type: 'string', + minLength: 1, + pattern: '^[1-9]\\d*\\.([0-9]|([1-9]\\d+))(\\.\\d+)?$', + examples: ['1.0', '3.4.1', '4.0', '4.11', '4.12'], + }, + }, + }, + }, + discovery_date: { + title: 'Discovery date', + description: + 'Holds the date and time the vulnerability was originally discovered.', + type: 'string', + format: 'date-time', + }, + flags: { + title: 'List of flags', + description: 'Contains a list of machine readable flags.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'Flag', + description: + 'Contains product specific information in regard to this vulnerability as a single machine readable flag.', + type: 'object', + required: ['label'], + properties: { + date: { + title: 'Date of the flag', + description: + 'Contains the date when assessment was done or the flag was assigned.', + type: 'string', + format: 'date-time', + }, + group_ids: { + $ref: '#/$defs/product_groups_t', + }, + label: { + title: 'Label of the flag', + description: 'Specifies the machine readable label.', + type: 'string', + enum: [ + 'component_not_present', + 'inline_mitigations_already_exist', + 'vulnerable_code_cannot_be_controlled_by_adversary', + 'vulnerable_code_not_in_execute_path', + 'vulnerable_code_not_present', + ], + }, + product_ids: { + $ref: '#/$defs/products_t', + }, + }, + }, + }, + ids: { + title: 'List of IDs', + description: + 'Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).', 
+ type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'ID', + description: + 'Contains a single unique label or tracking ID for the vulnerability.', + type: 'object', + required: ['system_name', 'text'], + properties: { + system_name: { + title: 'System name', + description: + 'Indicates the name of the vulnerability tracking or numbering system.', + type: 'string', + minLength: 1, + examples: ['Cisco Bug ID', 'GitHub Issue'], + }, + text: { + title: 'Text', + description: + 'Is unique label or tracking ID for the vulnerability (if such information exists).', + type: 'string', + minLength: 1, + examples: ['CSCso66472', 'oasis-tcs/csaf#210'], + }, + }, + }, + }, + involvements: { + title: 'List of involvements', + description: 'Contains a list of involvements.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'Involvement', + description: + 'Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.', + type: 'object', + required: ['party', 'status'], + properties: { + date: { + title: 'Date of involvement', + description: + 'Holds the date and time of the involvement entry.', + type: 'string', + format: 'date-time', + }, + party: { + title: 'Party category', + description: 'Defines the category of the involved party.', + type: 'string', + enum: [ + 'coordinator', + 'discoverer', + 'other', + 'user', + 'vendor', + ], + }, + status: { + title: 'Party status', + description: 'Defines contact status of the involved party.', + type: 'string', + enum: [ + 'completed', + 'contact_attempted', + 'disputed', + 'in_progress', + 'not_contacted', + 'open', + ], + }, + summary: { + title: 'Summary of the involvement', + description: + 'Contains additional context regarding what is going on.', + type: 'string', + minLength: 1, + }, + }, + }, + }, + metrics: { + title: 'List of metrics', + 
description: + 'Contains metric objects for the current vulnerability.', + type: 'array', + minItems: 1, + uniqueItems: true, + items: { + title: 'metric', + description: + 'Contains all metadata about the metric including products it applies to and the source and the content itself.', + type: 'object', + required: ['content', 'products'], + properties: { + content: { + title: 'Content', + description: + 'Specifies information about (at least one) metric or score for the given products regarding the current vulnerability.', + type: 'object', + minProperties: 1, + properties: { + cvss_v2: { + $ref: 'https://www.first.org/cvss/cvss-v2.0.json', + }, + cvss_v3: { + oneOf: [ + { + $ref: 'https://www.first.org/cvss/cvss-v3.0.json', + }, + { + $ref: 'https://www.first.org/cvss/cvss-v3.1.json', + }, + ], + }, + cvss_v4: { + $ref: 'https://www.first.org/cvss/cvss-v4.0.json', + }, + }, + }, + products: { + $ref: '#/$defs/products_t', + }, + source: { + title: 'Source', + description: + 'Contains the URL of the source that originally determined the metric.', + type: 'string', + format: 'uri', + }, + }, + }, + }, + notes: { + title: 'Vulnerability notes', + description: 'Holds notes associated with this vulnerability item.', + $ref: '#/$defs/notes_t', + }, + product_status: { + title: 'Product status', + description: + 'Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability. 
', + type: 'object', + minProperties: 1, + properties: { + first_affected: { + title: 'First affected', + description: + 'These are the first versions of the releases known to be affected by the vulnerability.', + $ref: '#/$defs/products_t', + }, + first_fixed: { + title: 'First fixed', + description: + 'These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.', + $ref: '#/$defs/products_t', + }, + fixed: { + title: 'Fixed', + description: + 'These versions contain a fix for the vulnerability but may not be the recommended fixed versions.', + $ref: '#/$defs/products_t', + }, + known_affected: { + title: 'Known affected', + description: + 'These versions are known to be affected by the vulnerability.', + $ref: '#/$defs/products_t', + }, + known_not_affected: { + title: 'Known not affected', + description: + 'These versions are known not to be affected by the vulnerability.', + $ref: '#/$defs/products_t', + }, + last_affected: { + title: 'Last affected', + description: + 'These are the last versions in a release train known to be affected by the vulnerability. Subsequently released versions would contain a fix for the vulnerability.', + $ref: '#/$defs/products_t', + }, + recommended: { + title: 'Recommended', + description: + 'These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.', + $ref: '#/$defs/products_t', + }, + under_investigation: { + title: 'Under investigation', + description: + 'It is not known yet whether these versions are or are not affected by the vulnerability. 
However, it is still under investigation - the result will be provided in a later release of the document.', + $ref: '#/$defs/products_t', + }, + }, + }, + references: { + title: 'Vulnerability references', + description: + 'Holds a list of references associated with this vulnerability item.', + $ref: '#/$defs/references_t', + }, + release_date: { + title: 'Release date', + description: + 'Holds the date and time the vulnerability was originally released into the wild.', + type: 'string', + format: 'date-time', + }, + remediations: { + title: 'List of remediations', + description: 'Contains a list of remediations.', + type: 'array', + minItems: 1, + items: { + title: 'Remediation', + description: + 'Specifies details on how to handle (and presumably, fix) a vulnerability.', + type: 'object', + required: ['category', 'details'], + properties: { + category: { + title: 'Category of the remediation', + description: + 'Specifies the category which this remediation belongs to.', + type: 'string', + enum: [ + 'fix_planned', + 'mitigation', + 'no_fix_planned', + 'none_available', + 'optional_patch', + 'vendor_fix', + 'workaround', + ], + }, + date: { + title: 'Date of the remediation', + description: + 'Contains the date from which the remediation is available.', + type: 'string', + format: 'date-time', + }, + details: { + title: 'Details of the remediation', + description: + 'Contains a thorough human-readable discussion of the remediation.', + type: 'string', + minLength: 1, + }, + entitlements: { + title: 'List of entitlements', + description: 'Contains a list of entitlements.', + type: 'array', + minItems: 1, + items: { + title: 'Entitlement of the remediation', + description: + 'Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.', + type: 'string', + minLength: 1, + }, + }, + group_ids: { + $ref: '#/$defs/product_groups_t', + }, + product_ids: { + $ref: '#/$defs/products_t', + }, + 
restart_required: { + title: 'Restart required by remediation', + description: + 'Provides information on category of restart is required by this remediation to become effective.', + type: 'object', + required: ['category'], + properties: { + category: { + title: 'Category of restart', + description: + 'Specifies what category of restart is required by this remediation to become effective.', + type: 'string', + enum: [ + 'connected', + 'dependencies', + 'machine', + 'none', + 'parent', + 'service', + 'system', + 'vulnerable_component', + 'zone', + ], + }, + details: { + title: 'Additional restart information', + description: + 'Provides additional information for the restart. This can include details on procedures, scope or impact.', + type: 'string', + minLength: 1, + }, + }, + }, + url: { + title: 'URL to the remediation', + description: + 'Contains the URL where to obtain the remediation.', + type: 'string', + format: 'uri', + }, + }, + }, + }, + threats: { + title: 'List of threats', + description: + 'Contains information about a vulnerability that can change with time.', + type: 'array', + minItems: 1, + items: { + title: 'Threat', + description: + 'Contains the vulnerability kinetic information. 
This information can change as the vulnerability ages and new information becomes available.',
+ type: 'object',
+ required: ['category', 'details'],
+ properties: {
+ category: {
+ title: 'Category of the threat',
+ description:
+ 'Categorizes the threat according to the rules of the specification.',
+ type: 'string',
+ enum: ['exploit_status', 'impact', 'target_set'],
+ },
+ date: {
+ title: 'Date of the threat',
+ description:
+ 'Contains the date when the assessment was done or the threat appeared.',
+ type: 'string',
+ format: 'date-time',
+ },
+ details: {
+ title: 'Details of the threat',
+ description:
+ 'Represents a thorough human-readable discussion of the threat.',
+ type: 'string',
+ minLength: 1,
+ },
+ group_ids: {
+ $ref: '#/$defs/product_groups_t',
+ },
+ product_ids: {
+ $ref: '#/$defs/products_t',
+ },
+ },
+ },
+ },
+ title: {
+ title: 'Title',
+ description:
+ 'Gives the document producer the ability to apply a canonical name or title to the vulnerability.',
+ type: 'string',
+ minLength: 1,
+ },
+ },
+ },
+ },
+ },
+}
diff --git a/csaf_2_1/schemaTests/csaf_2_1_strict.js b/csaf_2_1/schemaTests/csaf_2_1_strict.js
new file mode 100644
index 00000000..f8b12296
--- /dev/null
+++ b/csaf_2_1/schemaTests/csaf_2_1_strict.js
@@ -0,0 +1,26 @@
+import csafAjv from '../../lib/shared/csafAjv.js'
+import schema from './csaf_2_1_strict/schema.js'
+
+const validate = csafAjv.compile(schema)
+
+/**
+ * @param {any} doc
+ */
+export default function csaf_2_1_strict(doc) {
+ let isValid = validate(doc)
+ /**
+ *
+ * @type {Array<{
+ * message?: string
+ * instancePath: string
+ * }>}
+ */
+ const errors = validate.errors ?? []
+ return {
+ isValid,
+ errors: errors.map((e) => ({
+ ...e,
+ message: e.message ?? 'unexpected empty error message',
+ })),
+ }
+}
diff --git a/csaf_2_1/schemaTests/csaf_2_1_strict/schema.js b/csaf_2_1/schemaTests/csaf_2_1_strict/schema.js
new file mode 100644
index 00000000..b0b05b86
--- /dev/null
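Review bot: `let isValid = validate(doc)` in csaf_2_1_strict.js is never reassigned and should be `const isValid = validate(doc)`, matching the `const errors` declaration two lines below it. Separately, `csafAjv.compile(schema)` runs at import time, and Ajv does not fetch remote `$ref`s, so if the shared instance in `lib/shared/csafAjv.js` does not pre-register every external schema the 2.1 schemas point at — the non-strict 2.1 schema in this diff newly references `https://www.first.org/cvss/cvss-v4.0.json`, and the strict one presumably does too — the failure surfaces as an exception on `import` rather than as a validation result, which is worth confirming before merge. The exported function also has no description; a JSDoc line such as `Validates a document against the strict CSAF 2.1 JSON schema (additionalProperties: false everywhere) and returns { isValid, errors }.` would help consumers pick between this and the non-strict validator. Unrelated to this file but visible in the next hunk: several description strings in the strict schema carry UTF-8 mojibake (`\u00e2\u20ac\u2122` where `’` was intended, `\u00e2\u20ac\u201d` for `—`), which suggests the schema was converted from a mis-decoded copy of the upstream JSON.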
+++ b/csaf_2_1/schemaTests/csaf_2_1_strict/schema.js 
@@ -0,0 +1,1519 @@ +export default { + $defs: { + acknowledgments_t: { + description: 'Contains a list of acknowledgment elements.', + items: { + additionalProperties: false, + description: + 'Acknowledges contributions by describing those that contributed.', + minProperties: 1, + properties: { + names: { + description: 'Contains the names of contributors being recognized.', + items: { + description: + 'Contains the name of a single contributor being recognized.', + examples: ['Albert Einstein', 'Johann Sebastian Bach'], + minLength: 1, + title: 'Name of the contributor', + type: 'string', + }, + minItems: 1, + title: 'List of acknowledged names', + type: 'array', + }, + organization: { + description: + 'Contains the name of a contributing organization being recognized.', + examples: ['CISA', 'Google Project Zero', 'Talos'], + minLength: 1, + title: 'Contributing organization', + type: 'string', + }, + summary: { + description: + 'SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.', + examples: [ + 'First analysis of Coordinated Multi-Stream Attack (CMSA)', + ], + minLength: 1, + title: 'Summary of the acknowledgment', + type: 'string', + }, + urls: { + description: + 'Specifies a list of URLs or location of the reference to be acknowledged.', + items: { + description: + 'Contains the URL or location of the reference to be acknowledged.', + format: 'uri', + title: 'URL of acknowledgment', + type: 'string', + }, + minItems: 1, + title: 'List of URLs', + type: 'array', + }, + }, + title: 'Acknowledgment', + type: 'object', + }, + minItems: 1, + title: 'List of acknowledgments', + type: 'array', + }, + branches_t: { + description: + 'Contains branch elements as children of the current element.', + items: { + additionalProperties: false, + description: + 'Is a part of the hierarchical structure of the product tree.', + maxProperties: 3, + minProperties: 3, + properties: { + branches: { + 
$ref: '#/$defs/branches_t', + }, + category: { + description: 'Describes the characteristics of the labeled branch.', + enum: [ + 'architecture', + 'host_name', + 'language', + 'legacy', + 'patch_level', + 'platform', + 'product_family', + 'product_name', + 'product_version', + 'product_version_range', + 'service_pack', + 'specification', + 'vendor', + ], + title: 'Category of the branch', + type: 'string', + }, + name: { + description: + "Contains the canonical descriptor or 'friendly name' of the branch.", + examples: [ + '10', + '365', + 'Microsoft', + 'Office', + 'PCS 7', + 'SIMATIC', + 'Siemens', + 'Windows', + ], + minLength: 1, + title: 'Name of the branch', + type: 'string', + }, + product: { + $ref: '#/$defs/full_product_name_t', + }, + }, + required: ['category', 'name'], + title: 'Branch', + type: 'object', + }, + minItems: 1, + title: 'List of branches', + type: 'array', + }, + full_product_name_t: { + additionalProperties: false, + description: + 'Specifies information about the product and assigns the product_id.', + properties: { + name: { + description: + 'The value should be the product\u00e2\u20ac\u2122s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.', + examples: [ + 'Cisco AnyConnect Secure Mobility Client 2.3.185', + 'Microsoft Host Integration Server 2006 Service Pack 1', + ], + minLength: 1, + title: 'Textual description of the product', + type: 'string', + }, + product_id: { + $ref: '#/$defs/product_id_t', + }, + product_identification_helper: { + additionalProperties: false, + description: + 'Provides at least one method which aids in identifying the product in an asset database.', + minProperties: 1, + properties: { + cpe: { + description: + 'The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification.', + minLength: 5, + pattern: + 
'^((cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!"#\\$%&\'\\(\\)\\+,\\/:;<=>@\\[\\]\\^`\\{\\|\\}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:\\/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6}))$', + title: 'Common Platform Enumeration representation', + type: 'string', + }, + hashes: { + description: + 'Contains a list of cryptographic hashes usable to identify files.', + items: { + additionalProperties: false, + description: + 'Contains all information to identify a file based on its cryptographic hash values.', + properties: { + file_hashes: { + description: + 'Contains a list of cryptographic hashes for this file.', + items: { + additionalProperties: false, + description: + 'Contains one hash value and algorithm of the file to be identified.', + properties: { + algorithm: { + default: 'sha256', + description: + 'Contains the name of the cryptographic hash algorithm used to calculate the value.', + examples: [ + 'blake2b512', + 'sha256', + 'sha3-512', + 'sha384', + 'sha512', + ], + minLength: 1, + title: 'Algorithm of the cryptographic hash', + type: 'string', + }, + value: { + description: + 'Contains the cryptographic hash value in hexadecimal representation.', + examples: [ + '37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3', + '4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc', + '9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c', + ], + minLength: 32, + pattern: '^[0-9a-fA-F]{32,}$', + title: 'Value of the cryptographic hash', + type: 'string', + }, + }, + required: ['algorithm', 'value'], + title: 'File hash', + type: 'object', + }, + minItems: 1, + title: 'List of file hashes', + type: 'array', + }, + filename: { 
+ description: + 'Contains the name of the file which is identified by the hash values.', + examples: ['WINWORD.EXE', 'msotadddin.dll', 'sudoers.so'], + minLength: 1, + title: 'Filename', + type: 'string', + }, + }, + required: ['file_hashes', 'filename'], + title: 'Cryptographic hashes', + type: 'object', + }, + minItems: 1, + title: 'List of hashes', + type: 'array', + }, + model_numbers: { + description: + 'Contains a list of full or abbreviated (partial) model numbers.', + items: { + description: + 'Contains a full or abbreviated (partial) model number of the component to identify.', + minLength: 1, + title: 'Model number', + type: 'string', + }, + minItems: 1, + title: 'List of models', + type: 'array', + uniqueItems: true, + }, + purl: { + description: + 'The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.', + format: 'uri', + minLength: 7, + pattern: '^pkg:[A-Za-z\\.\\-\\+][A-Za-z0-9\\.\\-\\+]*\\/.+', + title: 'package URL representation', + type: 'string', + }, + sbom_urls: { + description: + 'Contains a list of URLs where SBOMs for this product can be retrieved.', + items: { + description: 'Contains a URL of one SBOM for this product.', + format: 'uri', + title: 'SBOM URL', + type: 'string', + }, + minItems: 1, + title: 'List of SBOM URLs', + type: 'array', + }, + serial_numbers: { + description: + 'Contains a list of full or abbreviated (partial) serial numbers.', + items: { + description: + 'Contains a full or abbreviated (partial) serial number of the component to identify.', + minLength: 1, + title: 'Serial number', + type: 'string', + }, + minItems: 1, + title: 'List of serial numbers', + type: 'array', + uniqueItems: true, + }, + skus: { + description: + 'Contains a list of full or abbreviated (partial) stock keeping units.', + items: { + description: + 'Contains a full or abbreviated (partial) stock keeping unit (SKU) which is used in the ordering process to 
identify the component.', + minLength: 1, + title: 'Stock keeping unit', + type: 'string', + }, + minItems: 1, + title: 'List of stock keeping units', + type: 'array', + }, + x_generic_uris: { + description: + 'Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.', + items: { + additionalProperties: false, + description: + 'Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.', + properties: { + namespace: { + description: + 'Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.', + format: 'uri', + title: 'Namespace of the generic URI', + type: 'string', + }, + uri: { + description: 'Contains the identifier itself.', + format: 'uri', + title: 'URI', + type: 'string', + }, + }, + required: ['namespace', 'uri'], + title: 'Generic URI', + type: 'object', + }, + minItems: 1, + title: 'List of generic URIs', + type: 'array', + }, + }, + title: 'Helper to identify the product', + type: 'object', + }, + }, + required: ['name', 'product_id'], + title: 'Full product name', + type: 'object', + }, + lang_t: { + description: + 'Identifies a language, corresponding to IETF BCP 47 / RFC 5646. 
See IETF language registry: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry', + examples: ['de', 'en', 'fr', 'frc', 'jp'], + pattern: + '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])$', + title: 'Language type', + type: 'string', + }, + notes_t: { + description: 'Contains notes which are specific to the current context.', + items: { + additionalProperties: false, + description: + 'Is a place to put all manner of text blobs related to the current context.', + properties: { + audience: { + description: 'Indicates who is intended to read it.', + examples: [ + 'all', + 'executives', + 'operational management and system administrators', + 'safety engineers', + ], + minLength: 1, + title: 'Audience of note', + type: 'string', + }, + category: { + description: + 'Contains the information of what kind of note this is.', + enum: [ + 'description', + 'details', + 'faq', + 'general', + 'legal_disclaimer', + 'other', + 'summary', + ], + title: 'Note category', + type: 'string', + }, + text: { + description: + 'Holds the content of the note. 
Content varies depending on type.', + minLength: 1, + title: 'Note content', + type: 'string', + }, + title: { + description: + 'Provides a concise description of what is contained in the text of the note.', + examples: [ + 'Details', + 'Executive summary', + 'Technical summary', + 'Impact on safety systems', + ], + minLength: 1, + title: 'Title of note', + type: 'string', + }, + }, + required: ['category', 'text'], + title: 'Note', + type: 'object', + }, + minItems: 1, + title: 'List of notes', + type: 'array', + }, + product_group_id_t: { + description: + 'Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document.', + examples: ['CSAFGID-0001', 'CSAFGID-0002', 'CSAFGID-0020'], + minLength: 1, + title: 'Reference token for product group instance', + type: 'string', + }, + product_groups_t: { + description: + 'Specifies a list of product_group_ids to give context to the parent item.', + items: { + $ref: '#/$defs/product_group_id_t', + }, + minItems: 1, + title: 'List of product_group_ids', + type: 'array', + uniqueItems: true, + }, + product_id_t: { + description: + 'Token required to identify a full_product_name so that it can be referred to from other parts in the document. 
There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.', + examples: ['CSAFPID-0004', 'CSAFPID-0008'], + minLength: 1, + title: 'Reference token for product instance', + type: 'string', + }, + products_t: { + description: + 'Specifies a list of product_ids to give context to the parent item.', + items: { + $ref: '#/$defs/product_id_t', + }, + minItems: 1, + title: 'List of product_ids', + type: 'array', + uniqueItems: true, + }, + references_t: { + description: 'Holds a list of references.', + items: { + additionalProperties: false, + description: + 'Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.', + properties: { + category: { + default: 'external', + description: + 'Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.', + enum: ['external', 'self'], + title: 'Category of reference', + type: 'string', + }, + summary: { + description: 'Indicates what this reference refers to.', + minLength: 1, + title: 'Summary of the reference', + type: 'string', + }, + url: { + description: 'Provides the URL for the reference.', + format: 'uri', + title: 'URL of reference', + type: 'string', + }, + }, + required: ['summary', 'url'], + title: 'Reference', + type: 'object', + }, + minItems: 1, + title: 'List of references', + type: 'array', + }, + version_t: { + description: + 'Specifies a version string to denote clearly the evolution of the content of the document. 
Format must be either integer or semantic versioning.', + examples: ['1', '4', '0.9.0', '1.4.3', '2.40.0+21AF26D3'], + pattern: + '^(0|[1-9][0-9]*)$|^((0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)$', + title: 'Version', + type: 'string', + }, + }, + $id: 'https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json?strict', + $schema: 'https://json-schema.org/draft/2020-12/schema', + additionalProperties: false, + description: + 'Representation of security advisory information as a JSON document.', + properties: { + $schema: { + description: + 'Contains the URL of the CSAF JSON schema which the document promises to be valid for.', + enum: [ + 'https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json', + ], + format: 'uri', + title: 'JSON schema', + type: 'string', + }, + document: { + additionalProperties: false, + description: + 'Captures the meta-data about this document describing a particular set of security advisories.', + properties: { + acknowledgments: { + $ref: '#/$defs/acknowledgments_t', + description: + 'Contains a list of acknowledgment elements associated with the whole document.', + title: 'Document acknowledgments', + }, + aggregate_severity: { + additionalProperties: false, + description: + "Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole \u00e2\u20ac\u201d not any specific vulnerability. 
The range of values in this field is defined according to the document producer's policies and procedures.", + properties: { + namespace: { + description: 'Points to the namespace so referenced.', + format: 'uri', + title: 'Namespace of aggregate severity', + type: 'string', + }, + text: { + description: + 'Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS).', + examples: ['Critical', 'Important', 'Moderate'], + minLength: 1, + title: 'Text of aggregate severity', + type: 'string', + }, + }, + required: ['text'], + title: 'Aggregate severity', + type: 'object', + }, + category: { + description: + 'Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document.', + examples: [ + 'csaf_base', + 'csaf_security_advisory', + 'csaf_vex', + 'Example Company Security Notice', + ], + minLength: 1, + pattern: '^[^\\s\\-_\\.](.*[^\\s\\-_\\.])?$', + title: 'Document category', + type: 'string', + }, + csaf_version: { + description: + 'Gives the version of the CSAF specification which the document was generated for.', + enum: ['2.1'], + title: 'CSAF version', + type: 'string', + }, + distribution: { + additionalProperties: false, + description: + 'Describe any constraints on how this document might be shared.', + properties: { + sharing_group: { + additionalProperties: false, + description: + 'Contains information about the group this document is intended to be shared with.', + properties: { + id: { + description: 'Provides the unique ID for the sharing group.', + format: 'uuid', + pattern: + '^(([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12})|([0]{8}-([0]{4}-){3}[0]{12})|([f]{8}-([f]{4}-){3}[f]{12}))$', + title: 'Sharing Group ID', + type: 'string', + }, + name: { + description: + 'Contains a human-readable name for the sharing group.', + examples: [ + 'Customer A', + 'ISAC 
members', + 'NIS2 regulated important entities in Germany, sector water', + 'Pre-Sharing group for advisory discussion', + 'Users of Product A', + 'US Federal Civilian Authorities', + ], + minLength: 1, + title: 'Sharing Group Name', + type: 'string', + }, + }, + required: ['id'], + title: 'Sharing Group', + type: 'object', + }, + text: { + description: + 'Provides a textual description of additional constraints.', + examples: [ + 'Copyright 2021, Example Company, All Rights Reserved.', + 'Distribute freely.', + 'Share only on a need-to-know-basis only.', + ], + minLength: 1, + title: 'Textual description', + type: 'string', + }, + tlp: { + additionalProperties: false, + description: + 'Provides details about the TLP classification of the document.', + properties: { + label: { + default: 'CLEAR', + description: 'Provides the TLP label of the document.', + enum: ['AMBER', 'AMBER+STRICT', 'CLEAR', 'GREEN', 'RED'], + title: 'Label of TLP', + type: 'string', + }, + url: { + default: 'https://www.first.org/tlp/', + description: + 'Provides a URL where to find the textual description of the TLP version which is used in this document. 
Default is the URL to the definition by FIRST.', + examples: [ + 'https://www.us-cert.gov/tlp', + 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf', + ], + format: 'uri', + title: 'URL of TLP version', + type: 'string', + }, + }, + required: ['label'], + title: 'Traffic Light Protocol (TLP)', + type: 'object', + }, + }, + required: ['tlp'], + title: 'Rules for sharing document', + type: 'object', + }, + lang: { + $ref: '#/$defs/lang_t', + description: + 'Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646.', + title: 'Document language', + }, + notes: { + $ref: '#/$defs/notes_t', + description: 'Holds notes associated with the whole document.', + title: 'Document notes', + }, + publisher: { + additionalProperties: false, + description: + 'Provides information about the publisher of the document.', + properties: { + category: { + description: + 'Provides information about the category of publisher releasing the document.', + enum: [ + 'coordinator', + 'discoverer', + 'multiplier', + 'other', + 'translator', + 'user', + 'vendor', + ], + title: 'Category of publisher', + type: 'string', + }, + contact_details: { + description: + 'Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses.', + examples: [ + 'Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact.', + ], + minLength: 1, + title: 'Contact details', + type: 'string', + }, + issuing_authority: { + description: + "Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations.", + minLength: 1, + title: 'Issuing authority', + type: 'string', + }, + name: { + description: 'Contains the name of the issuing party.', + examples: ['BSI', 'Cisco PSIRT', 'Siemens ProductCERT'], + minLength: 1, + title: 
'Name of publisher', + type: 'string', + }, + namespace: { + description: + 'Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party.', + examples: ['https://csaf.io', 'https://www.example.com'], + format: 'uri', + title: 'Namespace of publisher', + type: 'string', + }, + }, + required: ['category', 'name', 'namespace'], + title: 'Publisher', + type: 'object', + }, + references: { + $ref: '#/$defs/references_t', + description: + 'Holds a list of references associated with the whole document.', + title: 'Document references', + }, + source_lang: { + $ref: '#/$defs/lang_t', + description: + 'If this copy of the document is a translation then the value of this property describes from which language this document was translated.', + title: 'Source language', + }, + title: { + description: + 'This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents.', + examples: [ + 'Cisco IPv6 Crafted Packet Denial of Service Vulnerability', + 'Example Company Cross-Site-Scripting Vulnerability in Example Generator', + ], + minLength: 1, + title: 'Title of this document', + type: 'string', + }, + tracking: { + additionalProperties: false, + description: + 'Is a container designated to hold all management attributes necessary to track a CSAF document as a whole.', + properties: { + aliases: { + description: + 'Contains a list of alternate names for the same document.', + items: { + description: + 'Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document.', + examples: ['CVE-2019-12345'], + minLength: 1, + title: 'Alternate name', + type: 'string', + }, + minItems: 1, + title: 'Aliases', + type: 'array', + uniqueItems: true, + }, + current_release_date: { + description: + 'The date when the current revision of this document was released', + format: 'date-time', + title: 'Current release date', + type: 
'string', + }, + generator: { + additionalProperties: false, + description: + 'Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it.', + properties: { + date: { + description: + 'This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date.', + format: 'date-time', + title: 'Date of document generation', + type: 'string', + }, + engine: { + additionalProperties: false, + description: + 'Contains information about the engine that generated the CSAF document.', + properties: { + name: { + description: + 'Represents the name of the engine that generated the CSAF document.', + examples: ['Red Hat rhsa-to-cvrf', 'Secvisogram', 'TVCE'], + minLength: 1, + title: 'Engine name', + type: 'string', + }, + version: { + description: + 'Contains the version of the engine that generated the CSAF document.', + examples: ['0.6.0', '1.0.0-beta+exp.sha.a1c44f85', '2'], + minLength: 1, + title: 'Engine version', + type: 'string', + }, + }, + required: ['name'], + title: 'Engine of document generation', + type: 'object', + }, + }, + required: ['engine'], + title: 'Document generator', + type: 'object', + }, + id: { + description: + 'The ID is a simple label that provides for a wide range of numbering values, types, and schemes. 
Its value SHOULD be assigned and maintained by the original document issuing authority.', + examples: [ + 'Example Company - 2019-YH3234', + 'RHBA-2019:0024', + 'cisco-sa-20190513-secureboot', + ], + minLength: 1, + pattern: '^[\\S](.*[\\S])?$', + title: 'Unique identifier for the document', + type: 'string', + }, + initial_release_date: { + description: 'The date when this document was first published.', + format: 'date-time', + title: 'Initial release date', + type: 'string', + }, + revision_history: { + description: + 'Holds one revision item for each version of the CSAF document, including the initial one.', + items: { + additionalProperties: false, + description: + 'Contains all the information elements required to track the evolution of a CSAF document.', + properties: { + date: { + description: 'The date of the revision entry', + format: 'date-time', + title: 'Date of the revision', + type: 'string', + }, + legacy_version: { + description: + 'Contains the version string used in an existing document with the same content.', + minLength: 1, + title: 'Legacy version of the revision', + type: 'string', + }, + number: { + $ref: '#/$defs/version_t', + }, + summary: { + description: + 'Holds a single non-empty string representing a short description of the changes.', + examples: ['Initial version.'], + minLength: 1, + title: 'Summary of the revision', + type: 'string', + }, + }, + required: ['date', 'number', 'summary'], + title: 'Revision', + type: 'object', + }, + minItems: 1, + title: 'Revision history', + type: 'array', + }, + status: { + description: 'Defines the draft status of the document.', + enum: ['draft', 'final', 'interim'], + title: 'Document status', + type: 'string', + }, + version: { + $ref: '#/$defs/version_t', + }, + }, + required: [ + 'current_release_date', + 'id', + 'initial_release_date', + 'revision_history', + 'status', + 'version', + ], + title: 'Tracking', + type: 'object', + }, + }, + required: [ + 'category', + 'csaf_version', + 
'distribution', + 'publisher', + 'title', + 'tracking', + ], + title: 'Document level meta-data', + type: 'object', + }, + product_tree: { + additionalProperties: false, + description: + 'Is a container for all fully qualified product names that can be referenced elsewhere in the document.', + minProperties: 1, + properties: { + branches: { + $ref: '#/$defs/branches_t', + }, + full_product_names: { + description: 'Contains a list of full product names.', + items: { + $ref: '#/$defs/full_product_name_t', + }, + minItems: 1, + title: 'List of full product names', + type: 'array', + }, + product_groups: { + description: 'Contains a list of product groups.', + items: { + additionalProperties: false, + description: + 'Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier.', + properties: { + group_id: { + $ref: '#/$defs/product_group_id_t', + }, + product_ids: { + description: + 'Lists the product_ids of those products which known as one group in the document.', + items: { + $ref: '#/$defs/product_id_t', + }, + minItems: 2, + title: 'List of Product IDs', + type: 'array', + uniqueItems: true, + }, + summary: { + description: + 'Gives a short, optional description of the group.', + examples: [ + 'Products supporting Modbus.', + 'The x64 versions of the operating system.', + ], + minLength: 1, + title: 'Summary of the product group', + type: 'string', + }, + }, + required: ['group_id', 'product_ids'], + title: 'Product group', + type: 'object', + }, + minItems: 1, + title: 'List of product groups', + type: 'array', + }, + relationships: { + description: 'Contains a list of relationships.', + items: { + additionalProperties: false, + description: + 'Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.', + properties: { + category: { + 
description: + 'Defines the category of relationship for the referenced component.', + enum: [ + 'default_component_of', + 'external_component_of', + 'installed_on', + 'installed_with', + 'optional_component_of', + ], + title: 'Relationship category', + type: 'string', + }, + full_product_name: { + $ref: '#/$defs/full_product_name_t', + }, + product_reference: { + $ref: '#/$defs/product_id_t', + description: + 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship.', + title: 'Product reference', + }, + relates_to_product_reference: { + $ref: '#/$defs/product_id_t', + description: + 'Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship.', + title: 'Relates to product reference', + }, + }, + required: [ + 'category', + 'full_product_name', + 'product_reference', + 'relates_to_product_reference', + ], + title: 'Relationship', + type: 'object', + }, + minItems: 1, + title: 'List of relationships', + type: 'array', + }, + }, + title: 'Product tree', + type: 'object', + }, + vulnerabilities: { + description: + 'Represents a list of all relevant vulnerability information items.', + items: { + additionalProperties: false, + description: + 'Is a container for the aggregation of all fields that are related to a single vulnerability in the document.', + minProperties: 1, + properties: { + acknowledgments: { + $ref: '#/$defs/acknowledgments_t', + description: + 'Contains a list of acknowledgment elements associated with this vulnerability item.', + title: 'Vulnerability acknowledgments', + }, + cve: { + description: + 'Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.', + pattern: '^CVE-[0-9]{4}-[0-9]{4,}$', + title: 'CVE', + type: 'string', + }, + cwes: { + description: 'Contains a list of CWEs.', + items: { + additionalProperties: false, + description: + 'Holds the MITRE 
standard Common Weakness Enumeration (CWE) for the weakness associated.', + properties: { + id: { + description: 'Holds the ID for the weakness associated.', + examples: ['CWE-22', 'CWE-352', 'CWE-79'], + pattern: '^CWE-[1-9]\\d{0,5}$', + title: 'Weakness ID', + type: 'string', + }, + name: { + description: + 'Holds the full name of the weakness as given in the CWE specification.', + examples: [ + 'Cross-Site Request Forgery (CSRF)', + "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + ], + minLength: 1, + title: 'Weakness name', + type: 'string', + }, + version: { + description: + 'Holds the version string of the CWE specification this weakness was extracted from.', + examples: ['1.0', '3.4.1', '4.0', '4.11', '4.12'], + minLength: 1, + pattern: '^[1-9]\\d*\\.([0-9]|([1-9]\\d+))(\\.\\d+)?$', + title: 'CWE version', + type: 'string', + }, + }, + required: ['id', 'name', 'version'], + title: 'CWE', + type: 'object', + }, + minItems: 1, + title: 'List of CWEs', + type: 'array', + uniqueItems: true, + }, + discovery_date: { + description: + 'Holds the date and time the vulnerability was originally discovered.', + format: 'date-time', + title: 'Discovery date', + type: 'string', + }, + flags: { + description: 'Contains a list of machine readable flags.', + items: { + additionalProperties: false, + description: + 'Contains product specific information in regard to this vulnerability as a single machine readable flag.', + properties: { + date: { + description: + 'Contains the date when assessment was done or the flag was assigned.', + format: 'date-time', + title: 'Date of the flag', + type: 'string', + }, + group_ids: { + $ref: '#/$defs/product_groups_t', + }, + label: { + description: 'Specifies the machine readable label.', + enum: [ + 'component_not_present', + 'inline_mitigations_already_exist', + 
'vulnerable_code_cannot_be_controlled_by_adversary', + 'vulnerable_code_not_in_execute_path', + 'vulnerable_code_not_present', + ], + title: 'Label of the flag', + type: 'string', + }, + product_ids: { + $ref: '#/$defs/products_t', + }, + }, + required: ['label'], + title: 'Flag', + type: 'object', + }, + minItems: 1, + title: 'List of flags', + type: 'array', + uniqueItems: true, + }, + ids: { + description: + 'Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).', + items: { + additionalProperties: false, + description: + 'Contains a single unique label or tracking ID for the vulnerability.', + properties: { + system_name: { + description: + 'Indicates the name of the vulnerability tracking or numbering system.', + examples: ['Cisco Bug ID', 'GitHub Issue'], + minLength: 1, + title: 'System name', + type: 'string', + }, + text: { + description: + 'Is unique label or tracking ID for the vulnerability (if such information exists).', + examples: ['CSCso66472', 'oasis-tcs/csaf#210'], + minLength: 1, + title: 'Text', + type: 'string', + }, + }, + required: ['system_name', 'text'], + title: 'ID', + type: 'object', + }, + minItems: 1, + title: 'List of IDs', + type: 'array', + uniqueItems: true, + }, + involvements: { + description: 'Contains a list of involvements.', + items: { + additionalProperties: false, + description: + 'Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.', + properties: { + date: { + description: + 'Holds the date and time of the involvement entry.', + format: 'date-time', + title: 'Date of involvement', + type: 'string', + }, + party: { + description: 'Defines the category of the involved party.', + enum: [ + 'coordinator', + 'discoverer', + 'other', + 'user', + 'vendor', + ], + title: 'Party category', + type: 'string', + }, + status: { + 
description: 'Defines contact status of the involved party.', + enum: [ + 'completed', + 'contact_attempted', + 'disputed', + 'in_progress', + 'not_contacted', + 'open', + ], + title: 'Party status', + type: 'string', + }, + summary: { + description: + 'Contains additional context regarding what is going on.', + minLength: 1, + title: 'Summary of the involvement', + type: 'string', + }, + }, + required: ['party', 'status'], + title: 'Involvement', + type: 'object', + }, + minItems: 1, + title: 'List of involvements', + type: 'array', + uniqueItems: true, + }, + metrics: { + description: + 'Contains metric objects for the current vulnerability.', + items: { + additionalProperties: false, + description: + 'Contains all metadata about the metric including products it applies to and the source and the content itself.', + properties: { + content: { + additionalProperties: false, + description: + 'Specifies information about (at least one) metric or score for the given products regarding the current vulnerability.', + minProperties: 1, + properties: { + cvss_v2: { + $ref: 'https://www.first.org/cvss/cvss-v2.0.json', + }, + cvss_v3: { + oneOf: [ + { + $ref: 'https://www.first.org/cvss/cvss-v3.0.json', + }, + { + $ref: 'https://www.first.org/cvss/cvss-v3.1.json', + }, + ], + }, + cvss_v4: { + $ref: 'https://www.first.org/cvss/cvss-v4.0.json', + }, + }, + title: 'Content', + type: 'object', + }, + products: { + $ref: '#/$defs/products_t', + }, + source: { + description: + 'Contains the URL of the source that originally determined the metric.', + format: 'uri', + title: 'Source', + type: 'string', + }, + }, + required: ['content', 'products'], + title: 'metric', + type: 'object', + }, + minItems: 1, + title: 'List of metrics', + type: 'array', + uniqueItems: true, + }, + notes: { + $ref: '#/$defs/notes_t', + description: 'Holds notes associated with this vulnerability item.', + title: 'Vulnerability notes', + }, + product_status: { + additionalProperties: false, + 
description: + 'Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability. ', + minProperties: 1, + properties: { + first_affected: { + $ref: '#/$defs/products_t', + description: + 'These are the first versions of the releases known to be affected by the vulnerability.', + title: 'First affected', + }, + first_fixed: { + $ref: '#/$defs/products_t', + description: + 'These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.', + title: 'First fixed', + }, + fixed: { + $ref: '#/$defs/products_t', + description: + 'These versions contain a fix for the vulnerability but may not be the recommended fixed versions.', + title: 'Fixed', + }, + known_affected: { + $ref: '#/$defs/products_t', + description: + 'These versions are known to be affected by the vulnerability.', + title: 'Known affected', + }, + known_not_affected: { + $ref: '#/$defs/products_t', + description: + 'These versions are known not to be affected by the vulnerability.', + title: 'Known not affected', + }, + last_affected: { + $ref: '#/$defs/products_t', + description: + 'These are the last versions in a release train known to be affected by the vulnerability. Subsequently released versions would contain a fix for the vulnerability.', + title: 'Last affected', + }, + recommended: { + $ref: '#/$defs/products_t', + description: + 'These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.', + title: 'Recommended', + }, + under_investigation: { + $ref: '#/$defs/products_t', + description: + 'It is not known yet whether these versions are or are not affected by the vulnerability. 
However, it is still under investigation - the result will be provided in a later release of the document.', + title: 'Under investigation', + }, + }, + title: 'Product status', + type: 'object', + }, + references: { + $ref: '#/$defs/references_t', + description: + 'Holds a list of references associated with this vulnerability item.', + title: 'Vulnerability references', + }, + release_date: { + description: + 'Holds the date and time the vulnerability was originally released into the wild.', + format: 'date-time', + title: 'Release date', + type: 'string', + }, + remediations: { + description: 'Contains a list of remediations.', + items: { + additionalProperties: false, + description: + 'Specifies details on how to handle (and presumably, fix) a vulnerability.', + properties: { + category: { + description: + 'Specifies the category which this remediation belongs to.', + enum: [ + 'fix_planned', + 'mitigation', + 'no_fix_planned', + 'none_available', + 'optional_patch', + 'vendor_fix', + 'workaround', + ], + title: 'Category of the remediation', + type: 'string', + }, + date: { + description: + 'Contains the date from which the remediation is available.', + format: 'date-time', + title: 'Date of the remediation', + type: 'string', + }, + details: { + description: + 'Contains a thorough human-readable discussion of the remediation.', + minLength: 1, + title: 'Details of the remediation', + type: 'string', + }, + entitlements: { + description: 'Contains a list of entitlements.', + items: { + description: + 'Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.', + minLength: 1, + title: 'Entitlement of the remediation', + type: 'string', + }, + minItems: 1, + title: 'List of entitlements', + type: 'array', + }, + group_ids: { + $ref: '#/$defs/product_groups_t', + }, + product_ids: { + $ref: '#/$defs/products_t', + }, + restart_required: { + additionalProperties: false, + description: + 
'Provides information on category of restart is required by this remediation to become effective.', + properties: { + category: { + description: + 'Specifies what category of restart is required by this remediation to become effective.', + enum: [ + 'connected', + 'dependencies', + 'machine', + 'none', + 'parent', + 'service', + 'system', + 'vulnerable_component', + 'zone', + ], + title: 'Category of restart', + type: 'string', + }, + details: { + description: + 'Provides additional information for the restart. This can include details on procedures, scope or impact.', + minLength: 1, + title: 'Additional restart information', + type: 'string', + }, + }, + required: ['category'], + title: 'Restart required by remediation', + type: 'object', + }, + url: { + description: + 'Contains the URL where to obtain the remediation.', + format: 'uri', + title: 'URL to the remediation', + type: 'string', + }, + }, + required: ['category', 'details'], + title: 'Remediation', + type: 'object', + }, + minItems: 1, + title: 'List of remediations', + type: 'array', + }, + threats: { + description: + 'Contains information about a vulnerability that can change with time.', + items: { + additionalProperties: false, + description: + 'Contains the vulnerability kinetic information. 
This information can change as the vulnerability ages and new information becomes available.', + properties: { + category: { + description: + 'Categorizes the threat according to the rules of the specification.', + enum: ['exploit_status', 'impact', 'target_set'], + title: 'Category of the threat', + type: 'string', + }, + date: { + description: + 'Contains the date when the assessment was done or the threat appeared.', + format: 'date-time', + title: 'Date of the threat', + type: 'string', + }, + details: { + description: + 'Represents a thorough human-readable discussion of the threat.', + minLength: 1, + title: 'Details of the threat', + type: 'string', + }, + group_ids: { + $ref: '#/$defs/product_groups_t', + }, + product_ids: { + $ref: '#/$defs/products_t', + }, + }, + required: ['category', 'details'], + title: 'Threat', + type: 'object', + }, + minItems: 1, + title: 'List of threats', + type: 'array', + }, + title: { + description: + 'Gives the document producer the ability to apply a canonical name or title to the vulnerability.', + minLength: 1, + title: 'Title', + type: 'string', + }, + }, + title: 'Vulnerability', + type: 'object', + }, + minItems: 1, + title: 'Vulnerabilities', + type: 'array', + }, + }, + required: ['$schema', 'document'], + title: 'Common Security Advisory Framework', + type: 'object', +} diff --git a/lib/cwec.js b/lib/cwec.js new file mode 100644 index 00000000..01478bbd --- /dev/null +++ b/lib/cwec.js 
@@ -0,0 +1,55 @@ +export const cwecMap = new Map([ + ['4.17', () => import('./cwec/4.17.js')], + ['4.16', () => import('./cwec/4.16.js')], + ['4.15', () => import('./cwec/4.15.js')], + ['4.14', () => import('./cwec/4.14.js')], + ['4.13', () => import('./cwec/4.13.js')], + ['4.12', () => import('./cwec/4.12.js')], + ['4.11', () => import('./cwec/4.11.js')], + ['4.10', () => import('./cwec/4.10.js')], + ['4.9', () => import('./cwec/4.9.js')], + ['4.8', () => import('./cwec/4.8.js')], + ['4.7', () => import('./cwec/4.7.js')], + ['4.6', () => import('./cwec/4.6.js')], + ['4.5', () => import('./cwec/4.5.js')], + ['4.4', () => import('./cwec/4.4.js')], + ['4.3', () => import('./cwec/4.3.js')], + ['4.2', () => import('./cwec/4.2.js')], + ['4.1', () => import('./cwec/4.1.js')], + ['4.0', () => import('./cwec/4.0.js')], + ['3.4.1', () => import('./cwec/3.4.1.js')], + ['3.4', () => import('./cwec/3.4.js')], + ['3.3', () => import('./cwec/3.3.js')], + ['3.2', () => import('./cwec/3.2.js')], + ['3.1', () => import('./cwec/3.1.js')], + ['3.0', () => import('./cwec/3.0.js')], + ['2.12', () => import('./cwec/2.12.js')], + ['2.11', () => import('./cwec/2.11.js')], + ['2.10', () => import('./cwec/2.10.js')], + ['2.9', () => import('./cwec/2.9.js')], + ['2.8', () => import('./cwec/2.8.js')], + ['2.7', () => import('./cwec/2.7.js')], + ['2.6', () => import('./cwec/2.6.js')], + ['2.5', () => import('./cwec/2.5.js')], + ['2.4', () => import('./cwec/2.4.js')], + ['2.3', () => import('./cwec/2.3.js')], + ['2.2', () => import('./cwec/2.2.js')], + ['2.1', () => import('./cwec/2.1.js')], + ['2.0', () => import('./cwec/2.0.js')], + ['1.13', () => import('./cwec/1.13.js')], + ['1.12', () => import('./cwec/1.12.js')], + ['1.11', () => import('./cwec/1.11.js')], + ['1.10', () => import('./cwec/1.10.js')], + ['1.9', () => import('./cwec/1.9.js')], + ['1.8.1', () => import('./cwec/1.8.1.js')], + ['1.8', () => import('./cwec/1.8.js')], + ['1.7', () => import('./cwec/1.7.js')], + ['1.6', () => 
import('./cwec/1.6.js')], + ['1.5', () => import('./cwec/1.5.js')], + ['1.4', () => import('./cwec/1.4.js')], + ['1.3', () => import('./cwec/1.3.js')], + ['1.2', () => import('./cwec/1.2.js')], + ['1.1', () => import('./cwec/1.1.js')], + ['1.0.1', () => import('./cwec/1.0.1.js')], + ['1.0', () => import('./cwec/1.0.js')], +]) diff --git a/lib/cwec/1.0.1.js b/lib/cwec/1.0.1.js new file mode 100644 index 00000000..1470946d --- /dev/null +++ b/lib/cwec/1.0.1.js 
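Review bot: `cwecMap` is exported with no comment stating that its keys are the only CWE catalogue versions that can be loaded, so a consumer calling `cwecMap.get(version)` with a value the schema's `cwes[].version` pattern accepts but this table lacks (a future `4.18`, or a three-part form such as `4.17.0`) gets `undefined`, and the lookup site — not visible here — should treat that as "unknown catalogue" rather than as an empty weakness list. The fixed-key map is also what keeps the dynamic `import()` specifier out of document-controlled data, and that intent is worth writing down so a later refactor does not replace the table with a path built from the `version` string. I would add above the export: `/** CWE catalogues keyed by version string, newest first. Keys are a fixed allowlist — never build the import path from document input; a missing key means "unsupported version", not "no weaknesses". @type {Map<string, () => Promise<{ default: { weaknesses: { id: string, name: string, status: string }[] } }>>} */`.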
@@ -0,0 +1,2440 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Insufficient Output Sanitization', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Incorrect Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource (aka 'Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 
'ASP.NET Misconfiguration: Missing Custom Error Handling', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Failure to Handle Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Failure to Sanitize Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Failure to Sanitize Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Failure to Sanitize Comment Element', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Failure to Sanitize Macro Symbol', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Failure to Sanitize Substitution Character', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Failure to Sanitize Variable Name Delimiter', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Failure to Sanitize Wildcard or Matching Symbol', + status: 'Draft', + }, + { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Failure to Sanitize Leading Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Failure to Sanitize Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Failure to Sanitize Trailing Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Failure to Sanitize Multiple Trailing Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Failure to Sanitize Internal Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Failure to Sanitize Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Failure to Handle Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Failure to Handle Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 
'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow (Wrap or Wraparound)', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Incorrect Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Insufficient Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leaks', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 
'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'Failure to Protect Stored Data from Modification', + status: 'Incomplete', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract (aka 'API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Failure to Handle Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, + { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, + { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, + { + id: 'CWE-232', + name: 'Failure to Handle Undefined Value', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Failure to Handle Extra Parameter', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Failure to Handle Undefined Parameter', + status: 'Draft', + }, + { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, + { + id: 'CWE-238', + name: 'Failure to Handle Missing Element', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Failure to Resolve Inconsistent Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Failure to Handle Wrong Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'Often Misused: Path Manipulation', + status: 'Incomplete', + }, + { + id: 'CWE-25', + name: "Path 
Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Design Principle Violation: Failure to Use Least Privilege', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Misinterpreted Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Incomplete' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Insecure Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Failure to Check Whether Privileges Were Dropped Successfully', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Failure to 
Handle Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Insecure Execution-assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Failure to Handle Insufficient Permissions or Privileges', + status: 'Draft', + }, + { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Missing or Inconsistent Access Control', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Insufficient Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Failure to Follow Chain of Trust in Certificate Validation', + status: 'Draft', + }, + { + 
id: 'CWE-297', + name: 'Failure to Validate Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Failure to Validate Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Failure to Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Improper Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Plaintext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', 
name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Plaintext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Incomplete', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Failure to Handle Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, + { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Failure to Check Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Race Condition in Checking for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 
'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Failure to 
Release Memory Before Removing Last Reference (aka 'Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Failure to Handle Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Failure to Resolve Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Lock on Critical Resource', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { id: 'CWE-423', name: 'Proxied Trusted Channel', status: 'Incomplete' }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent 
Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use 
of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Failure to Use Default Case in Switch', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { id: 'CWE-484', name: 'Omitted Break Statement', status: 'Draft' }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 
'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final (aka 'Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Untrusted Mobile Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { id: 'CWE-500', name: 'Static Field Not Marked Final', status: 'Draft' }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating 
Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + 
status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + 
status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Use of Cookies in Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always 
False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Failure to Resolve Links Before File Access (aka 'Link Following')", + status: 
'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Invalid Pointer Not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Incorrect Syntactic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions (Missing Catch Block)', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Design Principle Violation: Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + 
status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor (aka 'Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + 
status: 'Draft', + }, + { + id: 'CWE-636', + name: "Design Principle Violation: Not Failing Securely (aka 'Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Design Principle Violation: Not Using Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Design Principle Violation: Not Using Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of User State Data', + status: 'Incomplete', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Improper Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + 
name: 'Information Leak through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Design Principle Violation: Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Design Principle Violation: Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Design Principle Violation: Failure to Satisfy Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Design Principle Violation: Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Failure to Handle File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Insufficient Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { + id: 'CWE-665', + name: 'Incorrect or Incomplete Initialization', + status: 'Draft', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Failure to Handle Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Design Principle Violation: Lack of Administrator Control over Security', + 
status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { 
+ id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Error Handling', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Failure to Enforce that Messages or Data are Well-Formed', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Apple HFS+ Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Insecure Permission Assignment for Resource', + status: 'Incomplete', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-77', + name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-78', + name: "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-79', + name: "Failure to Sanitize Directives in a 
Web Page (aka 'Cross-site scripting' (XSS))", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Failure to Sanitize Directives in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'Insufficient Sanitization of Custom Special Characters', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", + status: 'Draft', + }, + { id: 'CWE-94', name: 'Code Injection', status: 'Draft' }, + { + id: 'CWE-95', + name: "Insufficient Control of Directives in 
Dynamically Evaluated Code (aka 'Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.0.js b/lib/cwec/1.0.js new file mode 100644 index 00000000..648ee8a1 --- /dev/null +++ b/lib/cwec/1.0.js 
@@ -0,0 +1,2427 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Insufficient Output Sanitization', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Incorrect Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource (aka 'Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 
'ASP.NET Misconfiguration: Missing Custom Error Handling', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Failure to Handle Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Failure to Sanitize Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Failure to Sanitize Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Failure to Sanitize Comment Element', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Failure to Sanitize Macro Symbol', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Failure to Sanitize Substitution Character', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Failure to Sanitize Variable Name Delimiter', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Failure to Sanitize Wildcard or Matching Symbol', + status: 'Draft', + }, + { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Failure to Sanitize Leading Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Failure to Sanitize Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Failure to Sanitize Trailing Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Failure to Sanitize Multiple Trailing Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Failure to Sanitize Internal Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Failure to Sanitize Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Failure to Handle Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Failure to Handle Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 
'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow (Wrap or Wraparound)', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Incorrect Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Insufficient Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leaks', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 
'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'Failure to Protect Stored Data from Modification', + status: 'Incomplete', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract (aka 'API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Failure to Handle Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, + { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, + { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, + { + id: 'CWE-232', + name: 'Failure to Handle Undefined Value', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Failure to Handle Extra Parameter', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Failure to Handle Undefined Parameter', + status: 'Draft', + }, + { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, + { + id: 'CWE-238', + name: 'Failure to Handle Missing Element', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Failure to Resolve Inconsistent Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Failure to Handle Wrong Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'Often Misused: Path Manipulation', + status: 'Incomplete', + }, + { + id: 'CWE-25', + name: "Path 
Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Design Principle Violation: Failure to Use Least Privilege', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Misinterpreted Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Incomplete' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Insecure Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Failure to Check Whether Privileges Were Dropped Successfully', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Failure to 
Handle Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Insecure Execution-assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Failure to Handle Insufficient Permissions or Privileges', + status: 'Draft', + }, + { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Missing or Inconsistent Access Control', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Insufficient Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Failure to Follow Chain of Trust in Certificate Validation', + status: 'Draft', + }, + { 
+ id: 'CWE-297', + name: 'Failure to Validate Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Failure to Validate Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Failure to Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Improper Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Plaintext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', 
name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Plaintext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Incomplete', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Failure to Handle Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, + { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Failure to Check Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Race Condition in Checking for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + 
}, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { id: 'CWE-400', name: 'Resource Exhaustion', status: 'Incomplete' }, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak')", 
+ status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-406', name: 'Network Amplification', status: 'Incomplete' }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Failure to Handle Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Failure to Resolve Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Lock on Critical Resource', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { id: 'CWE-423', name: 'Proxied Trusted Channel', status: 'Incomplete' }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent 
Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use 
of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Failure to Use Default Case in Switch', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { id: 'CWE-484', name: 'Omitted Break Statement', status: 'Draft' }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 
'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final (aka 'Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Untrusted Mobile Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { id: 'CWE-500', name: 'Static Field Not Marked Final', status: 'Draft' }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating 
Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + 
status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + 
status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Use of Cookies in Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'dirname/fakechild/../realchild/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression 
is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Failure to Resolve Links Before File Access (aka 'Link Following')", + 
status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Invalid Pointer Not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Incorrect Syntactic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions (Missing Catch Block)', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Design Principle Violation: Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', 
+ status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor (aka 'Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + 
status: 'Draft', + }, + { + id: 'CWE-636', + name: "Design Principle Violation: Not Failing Securely (aka 'Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Design Principle Violation: Not Using Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Design Principle Violation: Not Using Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of User State Data', + status: 'Incomplete', + }, + { + id: 'CWE-643', + name: 'Unsafe Treatment of XPath Input', + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Insufficient Filtering of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Taking Actions based on File Name or Extension of a User Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Using Non-Canonical Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Improper Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + 
status: 'Incomplete', + }, + { + id: 'CWE-652', + name: 'Unsafe Treatment of XQuery Input', + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Design Principle Violation: Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Design Principle Violation: Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Design Principle Violation: Failure to Satisfy Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Design Principle Violation: Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Failure to Handle File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Insufficient Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { + id: 'CWE-665', + name: 'Incorrect or Incomplete Initialization', + status: 'Draft', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Failure to Handle Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Design Principle Violation: Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or 
Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Error Handling', + status: 
'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Failure to Enforce that Messages or Data are Well-Formed', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Apple HFS+ Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Insecure Permission Assignment for Resource', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-77', + name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-78', + name: "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-79', + name: "Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Failure 
to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Failure to Sanitize Directives in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'Custom Special Character Injection', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", + status: 'Draft', + }, + { id: 'CWE-94', name: 'Code Injection', status: 'Draft' }, + { + id: 'CWE-95', + name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', + status: 'Draft', + }, + { + id: 'CWE-97', + 
name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.1.js b/lib/cwec/1.1.js new file mode 100644 index 00000000..603b2a36 --- /dev/null +++ b/lib/cwec/1.1.js 
@@ -0,0 +1,2457 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Insufficient Output Sanitization', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Incorrect Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource (aka 'Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 
'ASP.NET Misconfiguration: Missing Custom Error Handling', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Failure to Handle Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Failure to Sanitize Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Failure to Sanitize Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Failure to Sanitize Comment Element', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Failure to Sanitize Macro Symbol', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Failure to Sanitize Substitution Character', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Failure to Sanitize Variable Name Delimiter', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Failure to Sanitize Wildcard or Matching Symbol', + status: 'Draft', + }, + { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Failure to Sanitize Leading Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Failure to Sanitize Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Failure to Sanitize Trailing Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Failure to Sanitize Multiple Trailing Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Failure to Sanitize Internal Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Failure to Sanitize Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Failure to Handle Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Failure to Handle Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 
'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow (Wrap or Wraparound)', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Insufficient Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leaks', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 
'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'Failure to Protect Stored Data from Modification', + status: 'Incomplete', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract (aka 'API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Failure to Handle Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, + { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, + { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, + { + id: 'CWE-232', + name: 'Failure to Handle Undefined Value', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Failure to Handle Extra Parameter', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Failure to Handle Undefined Parameter', + status: 'Draft', + }, + { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, + { + id: 'CWE-238', + name: 'Failure to Handle Missing Element', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Failure to Resolve Inconsistent Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Failure to Handle Wrong Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'Often Misused: Path Manipulation', + status: 'Incomplete', + }, + { + id: 'CWE-25', + name: "Path 
Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Design Principle Violation: Failure to Use Least Privilege', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Misinterpreted Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Incomplete' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Insecure Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Failure to Check Whether Privileges Were Dropped Successfully', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Failure to 
Handle Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Insecure Execution-assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Failure to Handle Insufficient Permissions or Privileges', + status: 'Draft', + }, + { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Missing or Inconsistent Access Control', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Insufficient Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Failure to Follow Chain of Trust in Certificate Validation', + status: 'Draft', + }, + { + 
id: 'CWE-297', + name: 'Failure to Validate Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Failure to Validate Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Failure to Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Improper Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Plaintext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', 
name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Plaintext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Incomplete', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Failure to Handle Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, + { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Failure to Check Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Race Condition in Checking for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 
'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Failure to 
Release Memory Before Removing Last Reference (aka 'Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Failure to Handle Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Failure to Resolve Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Lock on Critical Resource', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, 
+ { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Failure to Use Default Case in Switch', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final (aka 'Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Untrusted Mobile Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 
'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 
'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + 
name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Use of Cookies in Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 
'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Failure to Resolve 
Links Before File Access (aka 'Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Invalid Pointer Not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Incorrect Syntactic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions (Missing Catch Block)', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Design Principle Violation: Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + 
name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor (aka 'Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 
'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Design Principle Violation: Not Failing Securely (aka 'Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Design Principle Violation: Not Using Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Design Principle Violation: Not Using Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of User State Data', + status: 'Incomplete', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Improper Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', 
+ status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Design Principle Violation: Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Design Principle Violation: Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Design Principle Violation: Failure to Satisfy Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Design Principle Violation: Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Failure to Handle File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Insufficient Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { + id: 'CWE-665', + name: 'Incorrect or Incomplete Initialization', + status: 'Draft', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Failure to Handle Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Design Principle 
Violation: Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', 
name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Error Handling', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Failure to Enforce that Messages or Data are Well-Formed', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Failure to Handle Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Insecure Permission Assignment for Resource', + status: 'Incomplete', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Insecure Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-77', + name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-78', 
+ name: "Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-79', + name: "Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Failure to Sanitize Directives in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'Insufficient Sanitization of Custom Special Characters', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences (aka 
'CRLF Injection')", + status: 'Draft', + }, + { id: 'CWE-94', name: 'Code Injection', status: 'Draft' }, + { + id: 'CWE-95', + name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.10.js b/lib/cwec/1.10.js new file mode 100644 index 00000000..8948b8fb --- /dev/null +++ b/lib/cwec/1.10.js 
@@ -0,0 +1,2747 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 
'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + 
status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 
'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: 
Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 
'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 
'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + 
status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 
'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 
'Incomplete', + }, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 
'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, 
Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 
'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a 
Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', 
status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', 
status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 
'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of 
Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 
'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', 
name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor 
or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 
'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 
'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 
'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.11.js b/lib/cwec/1.11.js new file mode 100644 index 00000000..38e6d315 --- /dev/null +++ b/lib/cwec/1.11.js 
@@ -0,0 +1,2778 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy 
Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before 
Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + 
name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path 
Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', 
+ name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 
'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, 
Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 
'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 
'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the 
Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular 
Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity 
Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + 
id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' 
}, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 
'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 
'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a 
Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 
'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.12.js b/lib/cwec/1.12.js new file mode 100644 index 00000000..bc2a8fa0 --- /dev/null +++ b/lib/cwec/1.12.js 
@@ -0,0 +1,2822 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through External Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 
'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of 
Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 
'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + 
status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 
'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: 'Exposure of File Descriptor to Unintended Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 
'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', 
+ name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Exposure Through XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + 
name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, 
+ { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', 
+ }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 
'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional 
Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', 
+ name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 
'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 
'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 
'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.13.js b/lib/cwec/1.13.js new file mode 100644 index 00000000..fd9b0642 --- /dev/null +++ b/lib/cwec/1.13.js 
@@ -0,0 +1,2829 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through External Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 
'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of 
Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 
'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + 
status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 
'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: 'Exposure of File Descriptor to Unintended Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 
'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', 
+ name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Exposure Through XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + 
name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, 
+ { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', 
+ }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 
'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional 
Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', 
+ name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 
'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 
'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +}
diff --git a/lib/cwec/1.2.js b/lib/cwec/1.2.js
new file mode 100644
index 00000000..aea0b160
--- /dev/null
+++ b/lib/cwec/1.2.js 
@@ -0,0 +1,2457 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Incorrect Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource (aka 'Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 
'ASP.NET Misconfiguration: Missing Custom Error Handling', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Failure to Handle Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Failure to Sanitize Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Failure to Sanitize Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Failure to Sanitize Comment Element', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Failure to Sanitize Macro Symbol', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Failure to Sanitize Substitution Character', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Failure to Sanitize Variable Name Delimiter', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Failure to Sanitize Wildcard or Matching Symbol', + status: 'Draft', + }, + { id: 'CWE-156', name: 'Failure to Sanitize Whitespace', status: 'Draft' }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Failure to Sanitize Leading Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Failure to Sanitize Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Failure to Sanitize Trailing Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Failure to Sanitize Multiple Trailing Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Failure to Sanitize Internal Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Failure to Sanitize Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Failure to Handle Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Failure to Handle Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 
'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 
'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'Failure to Protect Stored Data from Modification', + status: 'Incomplete', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract (aka 'API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Failure to Handle Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path 
Traversal', status: 'Draft' }, + { id: 'CWE-230', name: 'Failure to Handle Missing Value', status: 'Draft' }, + { id: 'CWE-231', name: 'Failure to Handle Extra Value', status: 'Draft' }, + { + id: 'CWE-232', + name: 'Failure to Handle Undefined Value', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Failure to Handle Extra Parameter', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Failure to Handle Undefined Parameter', + status: 'Draft', + }, + { id: 'CWE-237', name: 'Element Problems', status: 'Incomplete' }, + { + id: 'CWE-238', + name: 'Failure to Handle Missing Element', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Failure to Resolve Inconsistent Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Failure to Handle Wrong Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'Often Misused: Path Manipulation', + status: 'Incomplete', + }, + { + id: 'CWE-25', + name: "Path 
Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Misinterpreted Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Insecure Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Failure to Check Whether Privileges Were Dropped Successfully', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Failure to Handle Insufficient 
Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Insecure Execution-assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Failure to Handle Insufficient Permissions or Privileges', + status: 'Draft', + }, + { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Failure to Follow Chain of Trust in Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 
'Failure to Validate Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Failure to Validate Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Failure to Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Improper Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext 
Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Failure to Handle Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, + { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Failure to Check Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Race Condition in Checking for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 
'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Failure to 
Release Memory Before Removing Last Reference (aka 'Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Failure to Handle Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Failure to Resolve Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Lock on Critical Resource', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, 
+ { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Failure to Use Default Case in Switch', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final (aka 'Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, 
+ { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 
'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path 
Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Use of Cookies in Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + 
{ id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Failure to Resolve Links Before File 
Access (aka 'Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Invalid Pointer Not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Incorrect Syntactic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions (Missing Catch Block)', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm 
Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: 'Sensitive Cookie in HTTPS Session Without "Secure" Attribute', + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor (aka 'Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified 
Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely (aka 'Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Improper Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 
'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Failure to Satisfy Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Failure to Handle File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Insufficient Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Failure to Handle Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + 
}, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Error Handling', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 
'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Failure to Enforce that Messages or Data are Well-Formed', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Failure to Handle Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Insecure Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-77', + name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-78', + name: "Failure to Preserve OS Command Structure (aka 'OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE 
Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Failure to Sanitize Directives in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Failure to Preserve SQL Query Structure (aka 'SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'Insufficient Sanitization of Custom Special Characters', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code (aka 'Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", + status: 
'Incomplete', + }, + { + id: 'CWE-96', + name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.3.js b/lib/cwec/1.3.js new file mode 100644 index 00000000..86f980e1 --- /dev/null +++ b/lib/cwec/1.3.js 
@@ -0,0 +1,2504 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Incorrect Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource (aka 'Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 
'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Sanitization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', 
+ status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Sanitization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Sanitization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Sanitization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Sanitization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Sanitization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Sanitization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Sanitization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Failure to Sanitize Leading Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Failure to Sanitize Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Failure to Sanitize Trailing Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-163', + 
name: 'Failure to Sanitize Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Failure to Sanitize Internal Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Failure to Sanitize Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Failure to Handle Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Failure to Handle Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular 
Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, 
+ { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'Failure to Protect Stored Data from Modification', + status: 'Incomplete', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract (aka 'API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 
'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' 
}, + { + id: 'CWE-249', + name: 'Often Misused: Path Manipulation', + status: 'Incomplete', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Insecure Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for 
Successfully Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Failure to Handle Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Insecure Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Insecure Execution-assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { id: 'CWE-281', name: 'Permission Preservation Failure', status: 'Draft' }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 
'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Improper Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', 
+ status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Failure to Handle Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { id: 'CWE-347', name: 'Improperly Verified Signature', status: 'Draft' }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 'Draft' }, + { id: 'CWE-351', name: 
'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Race Condition in Checking for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing Mutable Objects to an Untrusted Method', + 
status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption (aka 'Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Failure 
to Release Memory Before Removing Last Reference (aka 'Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere (aka 'Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Failure to Handle Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Failure to Resolve Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Lock on Critical Resource', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, 
+ { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Failure to Use Default Case in Switch', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final (aka 'Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, 
+ { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 
'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + 
name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Use of Cookies in Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 
'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Failure to Resolve 
Links Before File Access (aka 'Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Invalid Pointer Not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Incorrect Syntactic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site (aka 'Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in 
ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor (aka 'Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly 
Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely (aka 'Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Insufficient Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Improper Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 
'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Failure to Satisfy Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Insufficient Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 
'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, 
+ { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Failure to Enforce that Messages or Data are Well-Formed', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Failure to Handle Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Insecure Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane (aka 'Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + 
status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Failure to Sanitize Data into a Control Plane (aka 'Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-78', + name: "Failure to Preserve OS Command Structure (aka 'OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Failure to Sanitize Directives in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Failure to Sanitize Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Failure to Preserve SQL Query Structure (aka 'SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE 
Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'Insufficient Sanitization of Custom Special Characters', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code (aka 'Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: 'Insufficient Control of Directives in Statically Saved Code (Static Code Injection)', + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Insufficient Control of Resource Identifiers (aka 'Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.4.js b/lib/cwec/1.4.js new file mode 100644 index 00000000..f09b805a --- /dev/null +++ b/lib/cwec/1.4.js 
@@ -0,0 +1,2582 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET 
Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Sanitization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Sanitization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Sanitization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Sanitization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Sanitization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Sanitization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Sanitization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Sanitization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Sanitization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Sanitization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Sanitization of Trailing Special Elements', + status: 'Incomplete', + }, + { + 
id: 'CWE-163', + name: 'Improper Sanitization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Sanitization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Sanitization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 
'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error 
Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper 
Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 
'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'Often Misused: Path Manipulation', + status: 'Incomplete', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, 
+ { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by 
Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 
'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Weak Encryption', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing 
Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + 
}, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Lock on Critical Resource', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { 
+ id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { 
+ id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 
'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + 
name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Use of Cookies in Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 
'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link 
Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private 
Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly 
Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 
'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { 
id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 
'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 
'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Failure to Sanitize Data into a Control Plane ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + 
id: 'CWE-78', + name: "Failure to Preserve OS Command Structure ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Sanitization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Failure to Preserve SQL Query Structure ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'Improper Sanitization of Custom Special Characters', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", + status: 
'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.5.js b/lib/cwec/1.5.js new file mode 100644 index 00000000..9658fe03 --- /dev/null +++ b/lib/cwec/1.5.js 
@@ -0,0 +1,2620 @@ +export default { + weaknesses: [ + { + id: 'CWE-100', + name: 'Technology-Specific Input Validation Problems', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET 
Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Boundary Beginning Violation ('Buffer Underwrite')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { id: 'CWE-129', name: 'Unchecked Array Indexing', status: 'Draft' }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Sanitization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Sanitization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Sanitization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Sanitization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Sanitization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Sanitization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Sanitization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Sanitization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Sanitization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Sanitization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Sanitization of Trailing Special Elements', + status: 'Incomplete', + }, + { + 
id: 'CWE-163', + name: 'Improper Sanitization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Sanitization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Sanitization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 
'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Draft' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error 
Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper 
Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 
'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 
'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication 
Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { 
+ id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing 
Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + 
}, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { 
+ id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { 
+ id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 
'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + 
name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 
'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + 
id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 
'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + 
name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak 
through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', 
+ status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 
'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined 
Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + 
status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Sanitization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a 
Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.6.js b/lib/cwec/1.6.js new file mode 100644 index 00000000..514fb4a5 --- /dev/null +++ b/lib/cwec/1.6.js 
@@ -0,0 +1,2631 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based 
Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Sanitization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 
'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Sanitization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Sanitization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Sanitization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Sanitization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Sanitization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Sanitization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Sanitization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Sanitization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Sanitization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Sanitization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Sanitization of Multiple Trailing Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Sanitization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Sanitization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', 
name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { + id: 'CWE-200', + name: 'Information Leak (Information Disclosure)', + status: 'Incomplete', + }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Discrepancy Information Leaks', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Behavioral Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'External Behavioral Inconsistency Information Leak', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-209', name: 'Error Message Information Leak', status: 'Draft' }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error 
Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Cross-boundary Cleansing Information Leak', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 
'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often 
Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', 
+ }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of 
Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', 
name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Draft', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing 
Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + 
}, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { 
+ id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Information Leak of System Data', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { 
+ id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Information Leak Through CVS Repository', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Information Leak Through Core Dump Files', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Information Leak Through Access Control List Files', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Information Leak Through Backup (.~bk) Files', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 
'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Leaks', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + 
name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 
'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + 
id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 
'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + 
name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak 
through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', 
+ status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 
'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined 
Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + 
status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Sanitization of Script in an 
Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', 
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-99',
+ name: "Improper Control of Resource Identifiers ('Resource Injection')",
+ status: 'Draft',
+ },
+ ],
+}
diff --git a/lib/cwec/1.7.js b/lib/cwec/1.7.js
new file mode 100644
index 00000000..65a354b9
--- /dev/null
+++ b/lib/cwec/1.7.js
@@ -0,0 +1,2671 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { id: 'CWE-121', name: 'Stack-based 
Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Sanitization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 
'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Sanitization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Sanitization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Sanitization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Sanitization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Sanitization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Sanitization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Sanitization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Sanitization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Sanitization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Sanitization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Sanitization of Multiple Trailing Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Sanitization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Sanitization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', 
name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + 
name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Cleansing', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-22', name: 'Path Traversal', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative 
Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + 
name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Hard-Coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped 
Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 
'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'No Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Failure to Restrict Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Failure to Encrypt Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + 
status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing 
Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + 
}, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 
'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { 
+ id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', 
status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + 
status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup 
File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, 
+ { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without 
super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', 
+ }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 
'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + 
name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the 
Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Use of a Resource after Expiration or Release', + 
status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + 
}, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + 
id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 
'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 
'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Sanitization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE 
Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.8.1.js b/lib/cwec/1.8.1.js new file mode 100644 index 00000000..5d0c12dd --- /dev/null +++ b/lib/cwec/1.8.1.js 
@@ -0,0 +1,2716 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy 
without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + 
name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 
'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete 
Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 
'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: 
"Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 
'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 
'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 
'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + 
name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing 
Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + 
}, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 
'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant 
Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 
'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 
'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + 
id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 
'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', 
name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator 
Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without 
Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' 
}, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + 
{ + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Sanitization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web 
Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource 
Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.8.js b/lib/cwec/1.8.js new file mode 100644 index 00000000..e3b92e1e --- /dev/null +++ b/lib/cwec/1.8.js 
@@ -0,0 +1,2716 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Sanitization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy 
without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Sanitization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { id: 'CWE-140', name: 'Failure to Sanitize Delimiters', status: 'Draft' }, + { + id: 'CWE-141', + name: 'Failure to Sanitize Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Failure to Sanitize Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Failure to Sanitize Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Failure to Sanitize 
Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Failure to Sanitize Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Failure to Sanitize Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Sanitization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Failure to Sanitize Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Failure to Sanitize Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Failure to Sanitize Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Sanitization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Sanitization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Sanitization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Sanitization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Sanitization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Sanitization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Failure to Sanitize Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Sanitization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Sanitization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Sanitization of Trailing Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Sanitization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Sanitization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Sanitization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data Into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 
'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { 
+ id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + 
name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 
'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + 
name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { 
+ id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage 
of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Mutable Objects Passed by Reference', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Passing 
Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + 
}, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 
'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant 
Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 
'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 
'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + 
id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 
'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Insufficient Filtering of File and Other Resource Names for Executable Content', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Failure to Sanitize Data within XPath Expressions ('XPath injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Sanitization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 
'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over 
Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 
'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Failure to Sanitize Data into a Different Plane ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 
'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Failure to Resolve Equivalent Special Elements into a Different Plane', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Sanitization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 
'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Failure to Preserve Web Page Structure ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Sanitization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Sanitization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Failure to Sanitize Script in Attributes in a Web Page', + 
status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Failure to Resolve Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Failure to Sanitize Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Failure to Sanitize Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Failure to Sanitize Data into LDAP Queries ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Failure to Sanitize CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Failure to Sanitize Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + 
status: 'Draft', + }, + ], +} diff --git a/lib/cwec/1.9.js b/lib/cwec/1.9.js new file mode 100644 index 00000000..94d6a212 --- /dev/null +++ b/lib/cwec/1.9.js 
@@ -0,0 +1,2720 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Failure to Constrain Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Failure to Resolve Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Failure to Handle Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Failure to Handle Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Failure to Handle Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Failure to Handle URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Failure to Resolve Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 
'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Leak Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Privacy Leak through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Internal Behavioral Inconsistency Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Timing Discrepancy Information Leak', + status: 
'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Product-Generated Error Message Information Leak', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Product-External Error Message Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { id: 'CWE-213', name: 'Intended Information Leak', status: 'Draft' }, + { + id: 'CWE-214', + name: 'Process Environment Information Leak', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Leak Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { 
+ id: 'CWE-227', + name: "Failure to Fulfill API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Failure to Change Working Directory in chroot Jail', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Failure to Clear Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of 
Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', 
+ }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { + id: 'CWE-284', + name: 'Access Control (Authorization) Issues', + status: 'Incomplete', + }, + { + id: 'CWE-285', + name: 'Improper Access Control (Authorization)', + status: 'Draft', + }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + 
status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 
'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Failure to Add Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { id: 'CWE-362', name: 'Race Condition', status: 'Draft' }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { id: 'CWE-373', name: 'State Synchronization Error', status: 'Draft' }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 
'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Failure to Report Error in Status Code', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 
'Incomplete', + }, + { + id: 'CWE-401', + name: "Failure to Release Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { id: 'CWE-403', name: 'UNIX File Descriptor Leak', status: 'Draft' }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Insufficient Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Failure to Protect Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + id: 
'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Unsafe Function Call from a Signal Handler', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 
'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { id: 'CWE-488', name: 'Data Leak Between Sessions', status: 'Draft' }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Information Leak through Class Cloning', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 
'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Leak Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Leak Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Leak Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path 
Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Leak Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Leak Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Leak Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Leak Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Leak Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Leak Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Leak Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Leak Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Leak Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Leak Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Leak Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern in a Non-thread-safe Manner', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Failure to Use a Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant 
Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Leak Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Leak Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Access Control Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 
'Unsynchronized Access to Shared Data', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { id: 'CWE-573', name: 'Failure to Follow Specification', status: 'Draft' }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 
'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Leak Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-600', + name: 'Failure to Catch All Exceptions in Servlet ', + status: 'Draft', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + 
id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Leak Through XML External Entity File Disclosure', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Leak Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Leak Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 
'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: 'Failure to Use Economy of Mechanism', + status: 'Draft', + }, + { + id: 'CWE-638', + name: 'Failure to Use Complete Mediation', + status: 'Draft', + }, + { + id: 'CWE-639', + name: 'Access Control Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard 
Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Leak through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Insufficient Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in an Unsynchronized Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Insufficient Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', 
+ status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Failure to Provide Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Failure to Handle Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' 
}, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Failure to Handle Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 
'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + 
{ + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of 
Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization 
of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Failure to Control Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 
'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.0.js b/lib/cwec/2.0.js new file mode 100644 index 00000000..fd9b0642 --- /dev/null +++ b/lib/cwec/2.0.js 
@@ -0,0 +1,2829 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through External Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 
'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of 
Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 
'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + 
status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 
'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: 'Exposure of File Descriptor to Unintended Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 
'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', 
+ name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Exposure Through XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + 
name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, 
+ { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', 
+ }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 
'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional 
Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', 
+ name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 
'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 
'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.1.js b/lib/cwec/2.1.js new file mode 100644 index 00000000..fd9b0642 --- /dev/null +++ b/lib/cwec/2.1.js 
@@ -0,0 +1,2829 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through External Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 
'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of 
Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 
'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + 
status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 
'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: 'Exposure of File Descriptor to Unintended Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 
'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', 
+ name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Exposure Through XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + 
name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, 
+ { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', 
+ }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 
'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional 
Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', 
+ name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 
'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 
'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.10.js b/lib/cwec/2.10.js new file mode 100644 index 00000000..4598ad19 --- /dev/null +++ b/lib/cwec/2.10.js 
@@ -0,0 +1,3008 @@ +export default { + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 
'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value 
Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 
'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, 
+ { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate 
Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { 
+ id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 
'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 
'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 
'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable 
State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + 
status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + 
status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + 
name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control 
of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable 
Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + 
name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + 
id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: "Assignment to Variable without Use ('Unused Variable')", + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 
'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass 
Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', 
+ }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security 
Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', 
+ status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 
'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + 
name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', 
+ name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient 
Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-942',
+ name: 'Overly Permissive Cross-domain Whitelist',
+ status: 'Incomplete',
+ },
+ {
+ id: 'CWE-943',
+ name: 'Improper Neutralization of Special Elements in Data Query Logic',
+ status: 'Incomplete',
+ },
+ {
+ id: 'CWE-95',
+ name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
+ status: 'Incomplete',
+ },
+ {
+ id: 'CWE-96',
+ name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-97',
+ name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-98',
+ name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-99',
+ name: "Improper Control of Resource Identifiers ('Resource Injection')",
+ status: 'Draft',
+ },
+ ],
+}
diff --git a/lib/cwec/2.11.js b/lib/cwec/2.11.js
new file mode 100644
index 00000000..19ab2f39
--- /dev/null
+++ b/lib/cwec/2.11.js
@@ -0,0 +1,3040 @@
+export default {
+ weaknesses: [
+ {
+ id: 'CWE-1004',
+ name: "Sensitive Cookie Without 'HttpOnly' Flag",
+ status: 'Incomplete',
+ },
+ {
+ id: 'CWE-102',
+ name: 'Struts: Duplicate Validation Forms',
+ status: 'Incomplete',
+ },
+ {
+ id: 'CWE-103',
+ name: 'Struts: Incomplete validate() Method Definition',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-104',
+ name: 'Struts: Form Bean Does Not Extend Validation Class',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-105',
+ name: 'Struts: Form Field Without Validator',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-106',
+ name: 'Struts: Plug-in Framework not in Use',
+ status: 'Draft',
+ },
+ { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' },
+ {
+ id: 'CWE-108',
+ name: 'Struts: Unvalidated Action Form',
+ status: 'Incomplete',
+ },
+ { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' },
+ {
+ id: 'CWE-11',
+ name: 'ASP.NET Misconfiguration: Creating Debug Binary',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-110',
+ name: 'Struts: Validator Without Form Field',
+ status: 'Draft',
+ },
+ { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' },
+ { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' },
+ {
+ id: 'CWE-113',
+ name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')",
+ status: 'Incomplete',
+ },
+ { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' },
+ { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' },
+ {
+ id: 'CWE-116',
+ name: 'Improper Encoding or Escaping of Output',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-117',
+ name: 'Improper Output Neutralization for Logs',
+ status: 'Draft',
+ },
+ {
+ id: 'CWE-118',
+ name: "Incorrect Access of Indexable Resource ('Range Error')",
+ status: 'Incomplete',
+ },
+ {
+ id: 'CWE-119',
+ name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer',
+ status: 'Usable',
+ },
+ {
+ id: 'CWE-12',
+ name: 
'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value 
Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 
'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, 
+ { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate 
Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { 
+ id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 
'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 
'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 
'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable 
State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Draft', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent 
Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, 
+ { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume 
(Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control 
of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable 
Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + 
name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', 
+ }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: "Assignment to Variable without Use ('Unused Variable')", + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + 
status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: 
Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 
'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection 
Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 
'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use 
of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 
'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing 
Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + 
status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + 
id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { 
id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 
'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + 
}, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.12.js b/lib/cwec/2.12.js new file mode 100644 index 00000000..8f90f802 --- /dev/null +++ b/lib/cwec/2.12.js 
@@ -0,0 +1,3046 @@ +export default { + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Improper Restriction of Cross-Origin Permission to window.opener.location', + status: 'Draft', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { 
+ id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { 
+ id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 
'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + 
status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 
'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { 
id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: 
'../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + 
}, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access 
Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 
'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 
'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', 
status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { 
id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 
'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 
'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 
'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', 
+ }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', 
+ }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet 
Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command 
Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad 
Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + 
id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 
'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 
'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', 
+ }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { 
id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper 
Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 
'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'Uncontrolled File Descriptor Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, 
+ { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + 
}, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + 
{ + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 
'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 
'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly 
Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.2.js b/lib/cwec/2.2.js new file mode 100644 index 00000000..fd9b0642 --- /dev/null +++ b/lib/cwec/2.2.js 
@@ -0,0 +1,2829 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through External Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 
'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of 
Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 
'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + 
status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 
'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: 'Exposure of File Descriptor to Unintended Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 
'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', 
+ name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Exposure Through XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Unvalidated Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + 
name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, 
+ { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', 
+ }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 
'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional 
Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', 
+ name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 
'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 
'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF 
Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.3.js b/lib/cwec/2.3.js new file mode 100644 index 00000000..bdd19776 --- /dev/null +++ b/lib/cwec/2.3.js 
@@ -0,0 +1,2829 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', 
+ status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', 
+ name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: 
'\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: 'Improper Following of Chain of Trust for Certificate Validation', + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Host-specific Certificate Data', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + 
}, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: 'Exposure of File Descriptor to Unintended Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { id: 'CWE-441', name: 'Unintended Proxy/Intermediary', status: 'Draft' }, + { + 
id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { id: 'CWE-456', name: 'Missing Initialization', status: 'Draft' }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 
'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { 
id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious 
Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 
'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 
'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 
'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 
'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Trust of OpenSSL Certificate Without Validation', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', 
+ name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Information Exposure Through XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 
'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 
'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + 
status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 
'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { id: 'CWE-698', name: 'Redirect Without Exit', status: 'Incomplete' }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual 
or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + 
id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Unrestricted Recursive Entity References in DTDs ('XML Bomb')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message 
Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 
'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF 
Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.4.js b/lib/cwec/2.4.js new file mode 100644 index 00000000..1a4a8bf3 --- /dev/null +++ b/lib/cwec/2.4.js 
@@ -0,0 +1,2897 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', 
+ status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { id: 'CWE-233', name: 'Parameter Problems', status: 'Incomplete' }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper 
Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'Reliance on DNS Lookups in a Security Decision', + status: 'Incomplete', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', 
+ name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: 
'\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'Trusting Self-reported DNS Name', + status: 'Incomplete', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', 
+ name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Plaintext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Plaintext Storage in the Registry', + status: 'Draft', + }, + { id: 'CWE-315', name: 'Plaintext Storage in a Cookie', status: 'Draft' }, + { id: 'CWE-316', name: 'Plaintext Storage in Memory', status: 'Draft' }, + { id: 'CWE-317', name: 'Plaintext Storage in GUI', status: 'Draft' }, + { id: 'CWE-318', name: 'Plaintext Storage in Executable', status: 'Draft' }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-350', name: 'Improperly Trusted Reverse DNS', status: 
'Draft' }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + 
name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + 
{ + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused 
Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 
'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + 
name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + 
status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control 
List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', 
+ status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 
'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 
'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side 
Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked 
Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + 
name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + 
name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level 
Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 
'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing 
Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location 
After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 
'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use 
of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + 
{ + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program 
('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.5.js b/lib/cwec/2.5.js new file mode 100644 index 00000000..a9c20ca2 --- /dev/null +++ b/lib/cwec/2.5.js 
@@ -0,0 +1,2966 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', 
+ status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', 
+ name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege 
Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + 
id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of 
Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { 
+ id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { id: 'CWE-359', name: 'Privacy Violation', status: 'Incomplete' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link 
Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", 
status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, 
+ { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'UI Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of 
Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without 
Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert 
Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 
'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 
'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad 
Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 
'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information 
Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 
'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 
'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', 
name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of 
Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable 
Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, 
+ { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only 
Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected 
Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + 
name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + 
name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Authentication of Endpoint in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Restriction of Content Provider Export to Other Applications', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 
'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.6.js b/lib/cwec/2.6.js new file mode 100644 index 00000000..360bf28c --- /dev/null +++ b/lib/cwec/2.6.js 
@@ -0,0 +1,2985 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', 
+ status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', 
+ name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege 
Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + 
id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of 
Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak PRNG', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { 
+ id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', 
+ name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', 
name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early 
Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control 
of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable 
Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + 
name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + 
id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { id: 'CWE-563', name: 'Unused Variable', status: 'Draft' }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB 
Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass Issues', + status: 'Incomplete', + }, + { + id: 
'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information 
Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 
'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 
'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', 
name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of 
Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable 
Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, 
+ { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only 
Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected 
Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + 
name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + 
name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically 
Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.7.js b/lib/cwec/2.7.js new file mode 100644 index 00000000..731d71d6 --- /dev/null +++ b/lib/cwec/2.7.js 
@@ -0,0 +1,2999 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', 
+ status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', 
+ name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege 
Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + 
id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of 
Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable 
State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + 
status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + 
status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + 
name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control 
of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable 
Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + 
name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + 
id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: "Assignment to Variable without Use ('Unused Variable')", + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 
'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass 
Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', 
+ }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security 
Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', 
+ status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 
'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + 
name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', 
+ name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient 
Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.8.js b/lib/cwec/2.8.js new file mode 100644 index 00000000..731d71d6 --- /dev/null +++ b/lib/cwec/2.8.js 
@@ -0,0 +1,2999 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { id: 'CWE-134', name: 'Uncontrolled Format String', status: 'Draft' }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + 
}, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 
'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 
'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', 
+ status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', 
+ name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege 
Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + 
id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of 
Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable 
State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + 
status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + 
status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + 
name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control 
of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable 
Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + 
name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + 
id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: "Assignment to Variable without Use ('Unused Variable')", + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 
'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass 
Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', 
+ }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security 
Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', 
+ status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 
'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + 
name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', 
+ name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient 
Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/2.9.js b/lib/cwec/2.9.js new file mode 100644 index 00000000..c17a6cab --- /dev/null +++ b/lib/cwec/2.9.js 
@@ -0,0 +1,3003 @@ +export default { + weaknesses: [ + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Improper Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: 
"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record 
Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple 
Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 
'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + 
status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General 
Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-227', + name: "Improper Fulfillment of API Contract ('API Abuse')", + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 
'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 
'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + 
status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 
'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { id: 'CWE-335', name: 'PRNG Seed Error', status: 'Draft' }, + { id: 'CWE-336', name: 'Same Seed in PRNG', status: 'Draft' }, + { id: 'CWE-337', name: 'Predictable Seed in PRNG', status: 'Draft' }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable 
State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + 
status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + 
status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-398', name: 'Indicator of Poor Code Quality', status: 'Draft' }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + 
name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { id: 'CWE-435', name: 'Interaction Error', status: 'Draft' }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + 
name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control 
of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Functions', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-485', name: 'Insufficient Encapsulation', status: 'Draft' }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable 
Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + 
name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'Use of Dynamic Class Loading', + status: 'Incomplete', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + 
id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: "Assignment to Variable without Use ('Unused Variable')", + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 
'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'Authentication Bypass 
Issues', + status: 'Incomplete', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', 
+ }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', 
status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security 
Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', 
+ status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 
'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { id: 'CWE-71', name: "Apple '.DS_Store'", status: 'Incomplete' }, + { id: 'CWE-710', name: 'Coding Standards Violation', status: 'Incomplete' }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + 
name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', 
name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 
'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', 
+ name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type 
Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient 
Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/3.0.js b/lib/cwec/3.0.js new file mode 100644 index 00000000..e598e4e5 --- /dev/null +++ b/lib/cwec/3.0.js 
@@ -0,0 +1,3079 @@ +export default { + date: '2017-11-08', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Improper Restriction of Cross-Origin Permission to window.opener.location', + status: 'Draft', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 
'Draft', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + 
status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 
'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of 
Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through 
Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 
'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-240', + 
name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + 
status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper 
Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of 
Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a 
Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Draft', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 
'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + 
id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 
'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 
'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + 
}, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of 
Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 
'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', 
+ name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'Information Exposure Through Server Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-534', + name: 'Information Exposure Through Debug Log Files', + status: 'Draft', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'Information Exposure Through Cleanup Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 
'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + 
name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { 
id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'Incorrect Semantic Object Comparison', + status: 'Incomplete', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 
'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', 
name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of 
Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of 
Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During 
Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Insufficient Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 
'Incomplete', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', 
+ status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'Uncontrolled File Descriptor Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + 
}, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 
'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper 
Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters 
in Identifiers in Web Pages', + status: 'Draft', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-920', + name: 'Improper Restriction 
of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 
'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/3.1.js b/lib/cwec/3.1.js new file mode 100644 index 00000000..385fb587 --- /dev/null +++ b/lib/cwec/3.1.js 
@@ -0,0 +1,3109 @@ +export default { + date: '2018-03-29', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-11', + name: 
'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET 
Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of 
Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 
'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 
'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process 
Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + 
name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 
'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited 
Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + 
{ + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a 
Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Draft', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + 
status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 
'CWE-416', name: 'Use After Free', status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Array-Typed Field Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + 
id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External 
Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by 
Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 
'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another 
Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 
'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 
'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect 
(EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + 
status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Variable Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'Uncontrolled File Descriptor Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing 
Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', 
status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + 
status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + 
name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 
'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + 
name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/3.2.js b/lib/cwec/3.2.js new file mode 100644 index 00000000..6c06f284 --- /dev/null +++ b/lib/cwec/3.2.js 
@@ -0,0 +1,3524 @@ +export default { + date: '2019-01-03', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 
'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of 
System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special 
Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 
'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional 
Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + 
id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + 
}, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 
'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 
'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + 
status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Draft', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + 
status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: 'Improper Release of Memory Before Removing Last Reference', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { id: 'CWE-407', name: 'Algorithmic Complexity', status: 'Incomplete' }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 
'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Information Exposure Through Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, + { + 
id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External 
Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by 
Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 
'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another 
Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: "Improper Restriction of XML External Entity Reference ('XXE')", + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 
'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 
'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect 
(EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + 
status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + 
name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message 
Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 
'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + 
{ + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 
'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +}
diff --git a/lib/cwec/3.3.js b/lib/cwec/3.3.js
new file mode 100644
index 00000000..fb5ea747
--- /dev/null
+++ b/lib/cwec/3.3.js
@@ -0,0 +1,3538 @@ +export default { + date: '2019-06-20', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Usable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 
'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper 
Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 
'Incomplete', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Usable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Incomplete' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error 
Message', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Draft', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 
'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 
'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Incomplete', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + 
name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + 
id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Incomplete', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive 
Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Usable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Draft', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + 
status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', 
status: 'Draft' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Draft' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Draft' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Inclusion of Sensitive Information in Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, 
+ { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to 
External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of 
Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', 
+ name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in 
Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 
'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 
'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect 
(EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + 
status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + 
name: 'Missing Release of Resource after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Incomplete' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Usable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message 
Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 
'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: 'Argument Injection or Modification', + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Draft', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + 
{ + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 
'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/3.4.1.js b/lib/cwec/3.4.1.js new file mode 100644 index 00000000..2d2ef91c --- /dev/null +++ b/lib/cwec/3.4.1.js 
@@ -0,0 +1,3522 @@ +export default { + date: '2019-09-23', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 
'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper 
Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 
'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Draft' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error Message', + 
status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + 
id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 
'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped 
Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 
'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + 
{ + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + 
status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', 
status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Inclusion of Sensitive Information in Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, 
+ { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to 
External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of 
Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', 
+ name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in 
Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 
'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 
'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect 
(EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + 
status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + 
name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + 
status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + 
name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath 
Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + 
status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/3.4.js b/lib/cwec/3.4.js new file mode 100644 index 00000000..ee32e9c6 --- /dev/null +++ b/lib/cwec/3.4.js 
@@ -0,0 +1,3522 @@ +export default { + date: '2019-09-19', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { id: 
'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency ', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper 
Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Failure to Sanitize Special Element', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + 
status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { id: 'CWE-183', name: 'Permissive Whitelist', status: 'Draft' }, + { id: 'CWE-184', name: 'Incomplete Blacklist', status: 'Draft' }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 
'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { id: 'CWE-200', name: 'Information Exposure', status: 'Draft' }, + { + id: 'CWE-201', + name: 'Information Exposure Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Data Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Information Exposure Through Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Response Discrepancy Information Exposure', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Information Exposure Through Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Information Exposure of Internal State Through Behavioral Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Information Exposure Through an External Behavioral Inconsistency', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Information Exposure Through Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Information Exposure Through an Error Message', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Information Exposure Through Self-generated Error Message', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Information Exposure Through Externally-Generated Error Message', + 
status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Cross-boundary Removal of Sensitive Data', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Intentional Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Information Exposure Through Process Environment', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Information Exposure Through Debug Information', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'Containment Errors (Container Errors)', + status: 'Incomplete', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { id: 'CWE-219', name: 'Sensitive Data Under Web Root', status: 'Draft' }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { id: 'CWE-220', name: 'Sensitive Data Under FTP Root', status: 'Draft' }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared Before Release', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + 
id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 
'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { + id: 'CWE-261', + name: 'Weak Cryptography for Passwords', + status: 'Incomplete', + }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped 
Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 
'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + 
{ + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Incomplete', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { id: 'CWE-340', name: 'Predictability Problems', status: 'Incomplete' }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted 
Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: "Exposure of Private Information ('Privacy Violation')", + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + 
status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Incorrect Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer 
Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', 
status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Leftover Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of System Data to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing 
Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Information Exposure Through Caching', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Information Exposure Through Browser Caching', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Information Exposure Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of CVS Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Information Exposure Through Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Inclusion of Sensitive Information in Log Files', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Information Exposure Through Shell Error Message', + status: 'Incomplete', + }, 
+ { + id: 'CWE-536', + name: 'Information Exposure Through Servlet Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Information Exposure Through Java Runtime Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'File and Directory Information Exposure', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Information Exposure Through Persistent Cookies', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Information Exposure Through Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Information Exposure Through Include Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Information Exposure Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Information Exposure Through Server Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to 
External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of 
Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', 
+ name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Information Exposure Through Query Strings in GET Request', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in 
Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Information Exposure Through Indexing of Private Data', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Information Exposure Through Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary 
Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Information Exposure Through WSDL File', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 
'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 
'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect 
(EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-707', + name: 'Improper Enforcement of Message or Data Structure', + status: 'Incomplete', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + 
status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + 
name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory 
Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + 
status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + 
name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Delimitation of Arguments in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + 
status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 
'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.0.js b/lib/cwec/4.0.js new file mode 100644 index 00000000..a9a7fa82 --- /dev/null +++ b/lib/cwec/4.0.js 
@@ -0,0 +1,3699 @@ +export default { + date: '2020-02-24', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-Chip (SoC)', + status: 'Draft', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'Exposed Chip Debug Interface With Insufficient Access Control', + status: 'Draft', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + id: 'CWE-12', + 
name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Implementation of Lock Protection Registers', + status: 'Incomplete', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Improper Hardware Lock Protection for Security Sensitive Controls', + status: 'Incomplete', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV 
File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Risky Cryptographic Primitive', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Exposure of Security-Sensitive Fuse Values During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Improper Authorization on Physical Debug and Test Interfaces', + status: 'Incomplete', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Missing Protection Against Voltage and Clock Glitches', + status: 'Incomplete', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { id: 'CWE-127', name: 
'Buffer Under-read', status: 'Draft' }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 
'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper 
Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 
'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Exposure of Sensitive Information Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 
'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information Uncleared in Resource Before Release for Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper 
Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a 
Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 
'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + 
name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + 
name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Draft', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + 
name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure 
of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect 
Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 
'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the 
Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 
'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with 
Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File 
Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of 
Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Blacklist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + 
}, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + 
name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or 
Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on 
Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 
'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', 
+ }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper 
Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Overly Permissive Cross-domain Whitelist', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.1.js b/lib/cwec/4.1.js new file mode 100644 index 00000000..813bde3a --- /dev/null +++ b/lib/cwec/4.1.js 
@@ -0,0 +1,3871 @@ +export default { + date: '2020-06-25', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-Chip (SoC)', + status: 'Draft', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'Exposed Chip Debug and or Test Interface With Insufficient Access Control', + status: 'Draft', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + id: 
'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Implementation of Lock Protection Registers', + status: 'Incomplete', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Improper Hardware Lock Protection for Security Sensitive Controls', + status: 'Incomplete', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula 
Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Risky Cryptographic Primitive', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Exposure of Security-Sensitive Fuse Values During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Improper Authorization on Physical Debug and Test Interfaces', + status: 'Incomplete', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Missing Protection Against Voltage and Clock Glitches', + status: 'Incomplete', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 
'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Hardware Features Enable Physical Attacks from Software', + status: 'Incomplete', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Sensitive Information Uncleared During Hardware Debug Flows', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Protection of Security Identifiers', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Draft', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1263', + name: 'Insufficient Physical Protection Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Agents Included in Control Policy are not Contained in Less-Privileged Policy', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Identifiers', + status: 'Incomplete', + 
}, + { + id: 'CWE-1271', + name: 'Missing Known Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Debug/Power State Transitions Leak Information', + status: 'Incomplete', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', + status: 'Incomplete', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Block Incorrectly Connected to Larger System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Primitives used without Successful Self-Test', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 
'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 
'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of 
Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 
'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Exposure of Sensitive Information Through Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 
'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information 
Uncleared in Resource Before Release for Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct 
Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + 
status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 
'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + 
status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { + id: 'CWE-325', + name: 'Missing Required Cryptographic Step', + status: 'Draft', + }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, 
+ { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 
'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 
'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 
'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 
'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', 
+ status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead 
of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' 
}, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack 
Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: 
"Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 
'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 
'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + 
status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 
'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used 
in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a 
Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + 
name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web 
Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language 
Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data 
Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.10.js b/lib/cwec/4.10.js new file mode 100644 index 00000000..8029f8f1 --- /dev/null +++ b/lib/cwec/4.10.js 
@@ -0,0 +1,4167 @@ +export default { + date: '2023-01-31', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', 
+ }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected 
Conventions', + status: 'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + 
name: 'Excessively Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 
'Incomplete', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 
'Incomplete', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 
'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product 
Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 
'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 
'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 
'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, + { + id: 'CWE-1338', + name: 'Improper Protections 
Against Hardware Overheating', + status: 'Draft', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + }, + { id: 'CWE-1390', name: 'Weak Authentication', status: 'Incomplete' }, + { id: 'CWE-1391', name: 'Use of Weak Credentials', status: 'Incomplete' }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + }, + { id: 'CWE-1393', name: 'Use of Default Password', status: 'Incomplete' }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear 
Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 
'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information 
Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a 
Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle 
Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 
'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' 
}, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 
'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 
'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of 
System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + 
{ + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 
'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing 
instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 
'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack 
Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: 
"Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + 
status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument 
Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 
'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 
'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { 
+ id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document 
Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + 
name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.11.js b/lib/cwec/4.11.js new file mode 100644 index 00000000..0f22e870 --- /dev/null +++ b/lib/cwec/4.11.js 
@@ -0,0 +1,4167 @@ +export default { + date: '2023-04-27', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', 
+ }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected 
Conventions', + status: 'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + 
name: 'Excessively Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 
'Incomplete', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 
'Incomplete', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 
'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product 
Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 
'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 
'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 
'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, + { + id: 'CWE-1338', + name: 'Improper Protections 
Against Hardware Overheating', + status: 'Draft', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + }, + { id: 'CWE-1390', name: 'Weak Authentication', status: 'Incomplete' }, + { id: 'CWE-1391', name: 'Use of Weak Credentials', status: 'Incomplete' }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + }, + { id: 'CWE-1393', name: 'Use of Default Password', status: 'Incomplete' }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear 
Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + 
status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 
'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information 
Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a 
Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle 
Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 
'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' 
}, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 
'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 
'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of 
System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + 
{ + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 
'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing 
instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 
'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack 
Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: 
"Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + 
status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument 
Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 
'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 
'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { 
+ id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document 
Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + 
name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.12.js b/lib/cwec/4.12.js new file mode 100644 index 00000000..a3235bb5 --- /dev/null +++ b/lib/cwec/4.12.js 
@@ -0,0 +1,5728 @@ +export default { + date: '2023-06-29', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1041', + name: 'Use of Redundant Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1042', + name: 'Static Member Data Element 
outside of a Singleton Class Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-1069', + name: 'Empty Exception Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-107', + name: 'Struts: Unused Validation Form', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1071', + name: 'Empty Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1083', + name: 'Data 
Access from Outside Expected Data Manager Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-109', + name: 'Struts: Validator Turned Off', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1093', + name: 'Excessively Complex Data Representation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-111', + name: 'Direct Use of Unsafe JNI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1116', + name: 'Inaccurate Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-112', + name: 'Missing XML Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1120', + name: 'Excessive Code Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1124', + name: 'Excessively Deep Nesting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1125', + name: 'Excessive Attack Surface', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-114', + name: 'Process Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-115', + name: 'Misinterpretation of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1164', + name: 'Irrelevant Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1177', + name: 'Use of Prohibited Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + 
id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-121', + name: 'Stack-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-122', + name: 'Heap-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-123', + name: 'Write-what-where Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 
'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-125', + name: 'Out-of-bounds Read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power 
Side-Channel Attacks', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-126', + name: 'Buffer Over-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1267', + name: 'Policy Uses Obsolete Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1269', + 
name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-127', + name: 'Buffer Under-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1277', + name: 'Firmware Not Updateable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-128', + name: 'Wrap-around Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1282', + name: 
'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or 
Granularity of Debug Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1313', + name: 
'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after 
Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1390', + name: 'Weak Authentication', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1391', + name: 'Use of Weak Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1393', + name: 'Use of Default Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { 
+ id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-170', + name: 'Improper Null Termination', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-172', + name: 'Encoding Error', + status: 
'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-185', + name: 'Incorrect Regular Expression', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-187', + name: 'Partial String Comparison', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-188', + name: 'Reliance on Data/Memory Layout', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Stable', + usage: 
'Allowed', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-192', + name: 'Integer Coercion Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-193', + name: 'Off-by-one Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-194', + name: 'Unexpected Sign Extension', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-197', + name: 'Numeric Truncation Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-198', + name: 'Use of Incorrect Byte Ordering', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-20', + name: 'Improper Input Validation', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-203', + name: 'Observable Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-208', + name: 
'Observable Timing Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + usage: 
'Allowed-with-Review', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-23', + name: 'Relative Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-238', + name: 'Improper Handling of 
Incomplete Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-248', + name: 'Uncaught Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-252', + name: 'Unchecked Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + usage: 'Allowed', + }, + 
{ + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-259', + name: 'Use of Hard-coded Password', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-261', + name: 'Weak Encoding for Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-262', + name: 'Not Using Password Aging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-266', + name: 'Incorrect Privilege Assignment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-268', + name: 'Privilege Chaining', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-272', + name: 'Least Privilege Violation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-276', + name: 'Incorrect Default Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-277', + name: 'Insecure Inherited Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-282', + name: 'Improper Ownership Management', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-283', + name: 'Unverified Ownership', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-284', + name: 'Improper Access Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-285', + name: 'Improper Authorization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-286', + name: 'Incorrect User Management', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-287', + name: 'Improper Authentication', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-290', + name: 
'Authentication Bypass by Spoofing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 
'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-325', + name: 'Missing Cryptographic Step', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-326', + name: 'Inadequate Encryption Strength', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-328', + name: 'Use of Weak Hash', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-331', + name: 'Insufficient Entropy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-332', + name: 'Insufficient Entropy in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-334', + name: 'Small Space of Random Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-339', + name: 'Small Seed Space in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-34', + name: "Path Traversal: '....//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + usage: 'Allowed', + 
}, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-346', + name: 'Origin Validation Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-348', + name: 'Use of Less Trusted Source', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-35', + name: "Path Traversal: '.../...//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-351', + name: 'Insufficient Type Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-36', + name: 'Absolute Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-360', + name: 'Trust of System Event Data', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-366', + name: 'Race Condition within a Thread', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-369', + name: 'Divide By Zero', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-377', + name: 'Insecure Temporary File', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + usage: 'Allowed', + }, 
+ { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-384', + name: 'Session Fixation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-385', + name: 'Covert Timing Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-39', + name: "Path Traversal: 'C:dirname'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-391', + name: 'Unchecked Error Condition', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-393', + name: 'Return of Wrong Status Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + usage: 'Allowed', 
+ }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-410', + name: 'Insufficient Resource Pool', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-413', + name: 'Improper Resource Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-414', + name: 'Missing Lock Check', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, + { + id: 'CWE-416', + name: 'Use After Free', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-419', + name: 'Unprotected Primary Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-420', + name: 'Unprotected Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-426', + name: 'Untrusted Search Path', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-428', + name: 'Unquoted Search Path or Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-431', + name: 'Missing Handler', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-436', + name: 'Interpretation Conflict', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-440', + name: 'Expected Behavior Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-447', + name: 'Unimplemented or 
Unsupported Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-448', + name: 'Obsolete Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-457', + name: 'Use of Uninitialized Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-459', + name: 'Incomplete Cleanup', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-464', + name: 
'Addition of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-468', + name: 'Incorrect Pointer Scaling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-476', + name: 'NULL Pointer Dereference', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-477', + name: 'Use of Obsolete Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-480', + name: 'Use of Incorrect Operator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-481', + name: 'Assigning instead of Comparing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-482', + name: 'Comparing instead of Assigning', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-483', + name: 'Incorrect Block Delimitation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-486', + name: 'Comparison of Classes by Name', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-489', + name: 'Active Debug Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-501', + name: 'Trust Boundary Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-506', + name: 'Embedded Malicious Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-507', + name: 'Trojan Horse', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-511', + name: 'Logic/Time Bomb', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-514', + name: 'Covert Channel', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-515', + name: 'Covert Storage Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-521', + name: 'Weak Password Requirements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 
'CWE-546', + name: 'Suspicious Comment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-549', + name: 'Missing Password Field Masking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-562', 
+ name: 'Return of Stack Variable Address', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-564', + name: 'SQL Injection: Hibernate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-570', + name: 'Expression is Always False', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-571', + name: 'Expression is Always True', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-584', + name: 'Return Inside Finally Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-585', + name: 'Empty Synchronized Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-586', + name: 'Explicit Call to Finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-589', + name: 'Call to Non-ubiquitous API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-600', + name: 'Uncaught Exception in Servlet ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-605', + name: 'Multiple Binds to the Same Port', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-609', + name: 'Double-Checked 
Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-617', + name: 'Reachable Assertion', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-62', + name: 'UNIX Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-620', + name: 'Unverified Password Change', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-621', + name: 'Variable Extraction Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-625', + name: 'Permissive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-638', + name: 'Not Using Complete Mediation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-645', + 
name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-65', + name: 'Windows Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-662', + name: 
'Improper Synchronization', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-665', + name: 'Improper Initialization', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-667', + name: 'Improper Locking', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-674', + name: 'Uncontrolled Recursion', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-680', 
+ name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-682', + name: 'Incorrect Calculation', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-693', + name: 'Protection Mechanism Failure', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-695', + name: 'Use 
of Low-Level Functionality', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-696', + name: 'Incorrect Behavior Order', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-697', + name: 'Incorrect Comparison', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-707', + name: 'Improper Neutralization', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification 
of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-756', + name: 'Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + 
id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-778', + name: 'Insufficient Logging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-779', + name: 'Logging of Excessive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-783', + name: 'Operator Precedence Logic Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-787', + name: 'Out-of-bounds Write', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-791', + name: 
'Incomplete Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-804', + name: 'Guessable CAPTCHA', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an 
Error Message Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-820', + name: 'Missing Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-821', + name: 'Incorrect Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-833', name: 
'Deadlock', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-834', + name: 'Excessive Iteration', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-862', + name: 'Missing Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-863', + name: 'Incorrect Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-88', + name: 
"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-912', + name: 'Hidden Functionality', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language 
Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + 
}, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + ], +}
diff --git a/lib/cwec/4.13.js b/lib/cwec/4.13.js
new file mode 100644
index 00000000..89e93a4c
--- /dev/null
+++ b/lib/cwec/4.13.js
@@ -0,0 +1,5734 @@ +export default { + date: '2023-10-26', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1041', + name: 'Use of Redundant Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1042', + name: 'Static Member Data Element 
outside of a Singleton Class Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-1069', + name: 'Empty Exception Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-107', + name: 'Struts: Unused Validation Form', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1071', + name: 'Empty Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1083', + name: 'Data 
Access from Outside Expected Data Manager Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-109', + name: 'Struts: Validator Turned Off', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1093', + name: 'Excessively Complex Data Representation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-111', + name: 'Direct Use of Unsafe JNI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1116', + name: 'Inaccurate Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-112', + name: 'Missing XML Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1120', + name: 'Excessive Code Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1124', + name: 'Excessively Deep Nesting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1125', + name: 'Excessive Attack Surface', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-114', + name: 'Process Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-115', + name: 'Misinterpretation of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1164', + name: 'Irrelevant Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1177', + name: 'Use of Prohibited Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1188', + name: 'Initialization of a Resource with an Insecure Default', + status: 'Incomplete', + usage: 'Allowed', + 
}, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-121', + name: 'Stack-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-122', + name: 'Heap-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-123', + name: 'Write-what-where Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 
'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-125', + name: 'Out-of-bounds Read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power 
Side-Channel Attacks', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-126', + name: 'Buffer Over-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1267', + name: 'Policy Uses Obsolete Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1269', + 
name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-127', + name: 'Buffer Under-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1277', + name: 'Firmware Not Updateable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-128', + name: 'Wrap-around Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1282', + name: 
'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or 
Granularity of Debug Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1313', + name: 
'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after 
Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1390', + name: 'Weak Authentication', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1391', + name: 'Use of Weak Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1393', + name: 'Use of Default Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1419', + name: 'Incorrect Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-170', + name: 
'Improper Null Termination', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-172', + name: 'Encoding Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-185', + name: 'Incorrect Regular Expression', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-187', + name: 'Partial String Comparison', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-188', + name: 'Reliance on Data/Memory Layout', + 
status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-192', + name: 'Integer Coercion Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-193', + name: 'Off-by-one Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-194', + name: 'Unexpected Sign Extension', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-197', + name: 'Numeric Truncation Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-198', + name: 'Use of Incorrect Byte Ordering', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-20', + name: 'Improper Input Validation', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-203', + name: 'Observable Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-207', + name: 
'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + 
status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-23', + name: 'Relative Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-237', + name: 
'Improper Handling of Structural Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-248', + name: 'Uncaught Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-252', + name: 'Unchecked Return Value', + status: 'Draft', + 
usage: 'Allowed', + }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-259', + name: 'Use of Hard-coded Password', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-261', + name: 'Weak Encoding for Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-262', + name: 'Not Using Password Aging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-266', + name: 'Incorrect Privilege Assignment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-268', + name: 'Privilege Chaining', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-272', + name: 'Least Privilege Violation', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-276', + name: 'Incorrect Default Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-277', + name: 'Insecure Inherited Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-282', + name: 'Improper Ownership Management', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-283', + name: 'Unverified Ownership', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-284', + name: 'Improper Access Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-285', + name: 'Improper Authorization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-286', + name: 'Incorrect User Management', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-287', + name: 'Improper Authentication', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, 
+ { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in 
Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-325', + name: 'Missing Cryptographic Step', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-326', + name: 'Inadequate Encryption Strength', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-328', + name: 'Use of Weak Hash', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-331', + name: 'Insufficient Entropy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-332', + name: 'Insufficient Entropy in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-334', + name: 'Small Space of Random Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-339', + name: 'Small Seed Space in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-34', + name: "Path Traversal: '....//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + usage: 'Allowed', + 
}, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-346', + name: 'Origin Validation Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-348', + name: 'Use of Less Trusted Source', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-35', + name: "Path Traversal: '.../...//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-351', + name: 'Insufficient Type Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-36', + name: 'Absolute Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-360', + name: 'Trust of System Event Data', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-366', + name: 'Race Condition within a Thread', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-369', + name: 'Divide By Zero', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-377', + name: 'Insecure Temporary File', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + usage: 'Allowed', + }, 
+ { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-384', + name: 'Session Fixation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-385', + name: 'Covert Timing Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-39', + name: "Path Traversal: 'C:dirname'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-391', + name: 'Unchecked Error Condition', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-393', + name: 'Return of Wrong Status Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + usage: 'Allowed', 
+ }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-410', + name: 'Insufficient Resource Pool', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-413', + name: 'Improper Resource Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-414', + name: 'Missing Lock Check', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, + { + id: 'CWE-416', + name: 'Use After Free', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-419', + name: 'Unprotected Primary Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-420', + name: 'Unprotected Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-426', + name: 'Untrusted Search Path', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-428', + name: 'Unquoted Search Path or Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-431', + name: 'Missing Handler', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-436', + name: 'Interpretation Conflict', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-440', + name: 'Expected Behavior Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-447', + name: 'Unimplemented or 
Unsupported Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-448', + name: 'Obsolete Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-457', + name: 'Use of Uninitialized Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-459', + name: 'Incomplete Cleanup', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-464', + name: 
'Addition of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-468', + name: 'Incorrect Pointer Scaling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-476', + name: 'NULL Pointer Dereference', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-477', + name: 'Use of Obsolete Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-480', + name: 'Use of Incorrect Operator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-481', + name: 'Assigning instead of Comparing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-482', + name: 'Comparing instead of Assigning', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-483', + name: 'Incorrect Block Delimitation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-486', + name: 'Comparison of Classes by Name', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-489', + name: 'Active Debug Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-501', + name: 'Trust Boundary Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-506', + name: 'Embedded Malicious Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-507', + name: 'Trojan Horse', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-511', + name: 'Logic/Time Bomb', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-514', + name: 'Covert Channel', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-515', + name: 'Covert Storage Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-521', + name: 'Weak Password Requirements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 
'CWE-546', + name: 'Suspicious Comment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-549', + name: 'Missing Password Field Masking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-562', 
+ name: 'Return of Stack Variable Address', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-564', + name: 'SQL Injection: Hibernate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-570', + name: 'Expression is Always False', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-571', + name: 'Expression is Always True', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-584', + name: 'Return Inside Finally Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-585', + name: 'Empty Synchronized Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-586', + name: 'Explicit Call to Finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-589', + name: 'Call to Non-ubiquitous API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-600', + name: 'Uncaught Exception in Servlet ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-605', + name: 'Multiple Binds to the Same Port', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-609', + name: 'Double-Checked 
Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-617', + name: 'Reachable Assertion', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-62', + name: 'UNIX Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-620', + name: 'Unverified Password Change', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-621', + name: 'Variable Extraction Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-625', + name: 'Permissive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-638', + name: 'Not Using Complete Mediation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-645', + 
name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-65', + name: 'Windows Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-662', + name: 
'Improper Synchronization', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-665', + name: 'Improper Initialization', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-667', + name: 'Improper Locking', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-674', + name: 'Uncontrolled Recursion', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-680', 
+ name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-682', + name: 'Incorrect Calculation', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-693', + name: 'Protection Mechanism Failure', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-695', + name: 'Use 
of Low-Level Functionality', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-696', + name: 'Incorrect Behavior Order', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-697', + name: 'Incorrect Comparison', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-707', + name: 'Improper Neutralization', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification 
of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-756', + name: 'Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + 
id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-778', + name: 'Insufficient Logging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-779', + name: 'Logging of Excessive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-783', + name: 'Operator Precedence Logic Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-787', + name: 'Out-of-bounds Write', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-791', + name: 
'Incomplete Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-804', + name: 'Guessable CAPTCHA', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an 
Error Message Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-820', + name: 'Missing Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-821', + name: 'Incorrect Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-833', name: 
'Deadlock', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-834', + name: 'Excessive Iteration', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-862', + name: 'Missing Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-863', + name: 'Incorrect Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-88', + name: 
"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-912', + name: 'Hidden Functionality', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression 
Language Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + ], +} diff --git a/lib/cwec/4.14.js b/lib/cwec/4.14.js new file mode 100644 index 00000000..e5d77429 --- /dev/null +++ b/lib/cwec/4.14.js 
@@ -0,0 +1,5758 @@ +export default { + date: '2024-02-29', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1041', + name: 'Use of Redundant Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1042', + name: 'Static Member Data Element 
outside of a Singleton Class Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete 
Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented 
Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1069', + name: 'Empty Exception Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-107', + name: 'Struts: Unused Validation Form', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1071', + name: 'Empty Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + usage: 
'Prohibited', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-109', + name: 'Struts: Validator Turned Off', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1093', + name: 'Excessively Complex Data Representation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-111', + name: 'Direct Use of Unsafe JNI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1116', + name: 'Inaccurate Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-112', + name: 'Missing XML Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1120', + name: 'Excessive Code Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-1124', + name: 'Excessively Deep Nesting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1125', + name: 'Excessive Attack Surface', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-114', + name: 'Process Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-115', + name: 'Misinterpretation of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1164', + name: 'Irrelevant Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1177', + name: 'Use of Prohibited Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + usage: 'Prohibited', 
+ }, + { + id: 'CWE-1188', + name: 'Initialization of a Resource with an Insecure Default', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1192', + name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-121', + name: 'Stack-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-122', + name: 'Heap-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-123', + name: 'Write-what-where Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1241', + 
name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-125', + name: 'Out-of-bounds Read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic 
Granularity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-126', + name: 'Buffer Over-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1267', + name: 'Policy Uses Obsolete Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not 
Assigned Consistently Between Control and Data Agents', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-127', + name: 'Buffer Under-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1277', + name: 'Firmware Not Updateable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-128', + name: 'Wrap-around Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1281', + name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing 
Unnecessary Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1302', + name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + 
usage: 'Prohibited', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of 
Same Resource or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1390', + name: 'Weak Authentication', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1391', + name: 'Use of Weak Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1393', + name: 'Use of Default Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + 
usage: 'Allowed-with-Review', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1419', + name: 'Incorrect Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1420', + name: 'Exposure of Sensitive Information during Transient Execution', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1421', + name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1422', + name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1423', + name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + usage: 'Allowed', + }, + 
{ + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special 
Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-170', + name: 'Improper Null Termination', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-172', + name: 'Encoding Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-185', + name: 'Incorrect Regular Expression', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-187', + name: 'Partial String Comparison', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-188', + name: 'Reliance on Data/Memory Layout', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-192', + name: 'Integer Coercion Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-193', + name: 'Off-by-one Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-194', + name: 'Unexpected Sign Extension', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-197', + name: 'Numeric Truncation Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-198', + name: 'Use of Incorrect Byte Ordering', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-20', + name: 'Improper Input Validation', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 
'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-203', + name: 'Observable Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive 
Information Into Debugging Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-23', + name: 'Relative Path Traversal', + 
status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-245', + name: 'J2EE Bad 
Practices: Direct Management of Connections', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-248', + name: 'Uncaught Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-252', + name: 'Unchecked Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-259', + name: 'Use of Hard-coded Password', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-261', + name: 'Weak Encoding for Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-262', + name: 'Not Using Password Aging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + 
usage: 'Allowed', + }, + { + id: 'CWE-266', + name: 'Incorrect Privilege Assignment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-268', + name: 'Privilege Chaining', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-272', + name: 'Least Privilege Violation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-276', + name: 'Incorrect Default Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-277', + name: 'Insecure Inherited Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-282', + name: 
'Improper Ownership Management', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-283', + name: 'Unverified Ownership', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-284', + name: 'Improper Access Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-285', + name: 'Improper Authorization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-286', + name: 'Incorrect User Management', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-287', + name: 'Improper Authentication', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-298', + name: 
'Improper Validation of Certificate Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-325', + name: 'Missing Cryptographic Step', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-326', + name: 'Inadequate Encryption Strength', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-328', + name: 'Use of Weak Hash', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-331', + name: 'Insufficient Entropy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-332', + name: 'Insufficient Entropy in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-334', + name: 'Small Space of Random Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-339', + name: 'Small Seed Space in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-34', + name: "Path Traversal: '....//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-346', + name: 'Origin Validation Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-348', + name: 'Use of Less Trusted Source', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-35', + name: "Path Traversal: '.../...//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-351', + name: 'Insufficient Type Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-36', + name: 'Absolute Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-360', + name: 'Trust of System Event Data', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-366', + name: 'Race Condition within a Thread', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-369', + name: 'Divide By Zero', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-377', + name: 'Insecure Temporary File', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { 
+ id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-384', + name: 'Session Fixation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-385', + name: 'Covert Timing Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-39', + name: "Path Traversal: 'C:dirname'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-391', + name: 'Unchecked Error Condition', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-393', + name: 'Return of Wrong Status Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + usage: 'Allowed', + 
}, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-410', + name: 'Insufficient Resource Pool', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-413', + name: 'Improper Resource Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-414', + name: 'Missing Lock Check', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, + { + id: 'CWE-416', + name: 'Use After Free', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-419', + name: 'Unprotected Primary Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-420', + name: 'Unprotected Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-426', + name: 'Untrusted Search Path', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-428', + name: 'Unquoted Search Path or Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-431', + name: 'Missing Handler', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-436', + name: 'Interpretation Conflict', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-440', + name: 'Expected Behavior Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-447', + name: 'Unimplemented or 
Unsupported Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-448', + name: 'Obsolete Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-457', + name: 'Use of Uninitialized Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-459', + name: 'Incomplete Cleanup', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-464', + name: 
'Addition of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-468', + name: 'Incorrect Pointer Scaling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-476', + name: 'NULL Pointer Dereference', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-477', + name: 'Use of Obsolete Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-480', + name: 'Use of Incorrect Operator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-481', + name: 'Assigning instead of Comparing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-482', + name: 'Comparing instead of Assigning', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-483', + name: 'Incorrect Block Delimitation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-486', + name: 'Comparison of Classes by Name', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-489', + name: 'Active Debug Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-501', + name: 'Trust Boundary Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-506', + name: 'Embedded Malicious Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-507', + name: 'Trojan Horse', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-511', + name: 'Logic/Time Bomb', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-514', + name: 'Covert Channel', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-515', + name: 'Covert Storage Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-521', + name: 'Weak Password Requirements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 
'CWE-546', + name: 'Suspicious Comment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-549', + name: 'Missing Password Field Masking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-562', 
+ name: 'Return of Stack Variable Address', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-564', + name: 'SQL Injection: Hibernate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-570', + name: 'Expression is Always False', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-571', + name: 'Expression is Always True', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-584', + name: 'Return Inside Finally Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-585', + name: 'Empty Synchronized Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-586', + name: 'Explicit Call to Finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-589', + name: 'Call to Non-ubiquitous API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-600', + name: 'Uncaught Exception in Servlet ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-605', + name: 'Multiple Binds to the Same Port', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-609', + name: 'Double-Checked 
Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-617', + name: 'Reachable Assertion', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-62', + name: 'UNIX Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-620', + name: 'Unverified Password Change', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-621', + name: 'Variable Extraction Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + usage: 'Allowed', 
+ }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-625', + name: 'Permissive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-638', + name: 'Not Using Complete Mediation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-645', + name: 'Overly 
Restrictive Account Lockout Mechanism', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-65', + name: 'Windows Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-662', + name: 'Improper 
Synchronization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-665', + name: 'Improper Initialization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-667', + name: 'Improper Locking', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-674', + name: 'Uncontrolled Recursion', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to 
Buffer Overflow', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-682', + name: 'Incorrect Calculation', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-693', + name: 'Protection Mechanism Failure', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', 
+ status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-696', + name: 'Incorrect Behavior Order', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-697', + name: 'Incorrect Comparison', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-707', + name: 'Improper Neutralization', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-756', + name: 'Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-764', + name: 'Multiple Locks 
of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-778', 
+ name: 'Insufficient Logging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-779', + name: 'Logging of Excessive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-783', + name: 'Operator Precedence Logic Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-787', + name: 'Out-of-bounds Write', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-804', + name: 'Guessable CAPTCHA', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-820', + name: 'Missing Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-821', + name: 'Incorrect Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, + { + id: 'CWE-834', + name: 'Excessive Iteration', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-862', + name: 'Missing Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-863', + name: 'Incorrect Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-912', + name: 'Hidden Functionality', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-941', + name: 'Incorrectly 
Specified Destination in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + ], +} diff --git a/lib/cwec/4.15.js b/lib/cwec/4.15.js new file mode 100644 index 00000000..fc4ec56b --- /dev/null +++ b/lib/cwec/4.15.js 
@@ -0,0 +1,5764 @@ +export default { + date: '2024-07-16', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1041', + name: 'Use of Redundant Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1042', + name: 'Static Member Data Element 
outside of a Singleton Class Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete 
Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented 
Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1069', + name: 'Empty Exception Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-107', + name: 'Struts: Unused Validation Form', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1071', + name: 'Empty Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + usage: 
'Prohibited', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-109', + name: 'Struts: Validator Turned Off', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1093', + name: 'Excessively Complex Data Representation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-111', + name: 'Direct Use of Unsafe JNI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1116', + name: 'Inaccurate Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-112', + name: 'Missing XML Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1120', + name: 'Excessive Code Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-1124', + name: 'Excessively Deep Nesting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1125', + name: 'Excessive Attack Surface', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-114', + name: 'Process Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-115', + name: 'Misinterpretation of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1164', + name: 'Irrelevant Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1177', + name: 'Use of Prohibited Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + usage: 'Prohibited', 
+ }, + { + id: 'CWE-1188', + name: 'Initialization of a Resource with an Insecure Default', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1192', + name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-121', + name: 'Stack-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-122', + name: 'Heap-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-123', + name: 'Write-what-where Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1241', + 
name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-125', + name: 'Out-of-bounds Read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic 
Granularity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-126', + name: 'Buffer Over-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1267', + name: 'Policy Uses Obsolete Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not 
Assigned Consistently Between Control and Data Agents', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-127', + name: 'Buffer Under-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1277', + name: 'Firmware Not Updateable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-128', + name: 'Wrap-around Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1281', + name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing 
Unnecessary Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1302', + name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + 
usage: 'Prohibited', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of 
Same Resource or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1390', + name: 'Weak Authentication', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1391', + name: 'Use of Weak Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1393', + name: 'Use of Default Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + 
usage: 'Allowed-with-Review', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1419', + name: 'Incorrect Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1420', + name: 'Exposure of Sensitive Information during Transient Execution', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1421', + name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1422', + name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1423', + name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1426', + name: 'Improper Validation of Generative AI Output', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special 
Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-170', + name: 'Improper Null Termination', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-172', + name: 'Encoding Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-185', + name: 'Incorrect Regular Expression', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-187', + name: 'Partial String Comparison', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-188', + name: 'Reliance on Data/Memory Layout', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-192', + name: 'Integer Coercion Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-193', + name: 'Off-by-one Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-194', + name: 'Unexpected Sign Extension', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-197', + name: 'Numeric Truncation Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-198', + name: 'Use of Incorrect Byte Ordering', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-20', + name: 'Improper Input Validation', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-203', + name: 'Observable Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible 
Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-229', + name: 'Improper 
Handling of Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-23', + name: 'Relative Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap 
Memory Before Release ('Heap Inspection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-248', + name: 'Uncaught Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-252', + name: 'Unchecked Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-259', + name: 'Use of Hard-coded Password', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-261', + name: 'Weak Encoding for Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-262', + name: 'Not Using Password Aging', + 
status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-266', + name: 'Incorrect Privilege Assignment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-268', + name: 'Privilege Chaining', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-272', + name: 'Least Privilege Violation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-276', + name: 'Incorrect Default Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-277', + name: 'Insecure Inherited Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 
'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-282', + name: 'Improper Ownership Management', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-283', + name: 'Unverified Ownership', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-284', + name: 'Improper Access Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-285', + name: 'Improper Authorization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-286', + name: 'Incorrect User Management', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-287', + name: 'Improper Authentication', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-297', + name: 
'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 
'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-325', + name: 'Missing Cryptographic Step', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-326', + name: 'Inadequate Encryption Strength', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-328', + name: 'Use of Weak Hash', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with 
CBC Mode', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-331', + name: 'Insufficient Entropy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-332', + name: 'Insufficient Entropy in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-334', + name: 'Small Space of Random Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-339', + name: 'Small Seed Space in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-34', + name: "Path Traversal: '....//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-344', + name: 
'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-346', + name: 'Origin Validation Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-348', + name: 'Use of Less Trusted Source', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-35', + name: "Path Traversal: '.../...//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-351', + name: 'Insufficient Type Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-36', + name: 'Absolute Path Traversal', + status: 
'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-360', + name: 'Trust of System Event Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-366', + name: 'Race Condition within a Thread', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-369', + name: 'Divide By Zero', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-377', + name: 'Insecure Temporary File', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-378', + name: 
'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-384', + name: 'Session Fixation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-385', + name: 'Covert Timing Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-39', + name: "Path Traversal: 'C:dirname'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-391', + name: 'Unchecked Error Condition', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-393', + name: 'Return of Wrong Status Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-40', + name: 
"Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-410', + name: 'Insufficient Resource Pool', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-413', + name: 'Improper Resource Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-414', + name: 'Missing Lock Check', + 
status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-416', + name: 'Use After Free', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-419', + name: 'Unprotected Primary Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-420', + name: 'Unprotected Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-426', + name: 'Untrusted Search Path', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-428', + name: 'Unquoted Search Path or Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-431', + name: 'Missing Handler', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-436', + name: 'Interpretation Conflict', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-440', + name: 'Expected Behavior Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-447', + name: 'Unimplemented or 
Unsupported Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-448', + name: 'Obsolete Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-457', + name: 'Use of Uninitialized Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-459', + name: 'Incomplete Cleanup', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-464', + name: 
'Addition of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-468', + name: 'Incorrect Pointer Scaling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-476', + name: 'NULL Pointer Dereference', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-477', + name: 'Use of Obsolete Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-480', + name: 'Use of Incorrect Operator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-481', + name: 'Assigning instead of Comparing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-482', + name: 'Comparing instead of Assigning', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-483', + name: 'Incorrect Block Delimitation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-486', + name: 'Comparison of Classes by Name', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-489', + name: 'Active Debug Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-501', + name: 'Trust Boundary Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-506', + name: 'Embedded Malicious Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-507', + name: 'Trojan Horse', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-511', + name: 'Logic/Time Bomb', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-514', + name: 'Covert Channel', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-515', + name: 'Covert Storage Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-521', + name: 'Weak Password Requirements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 
'CWE-546', + name: 'Suspicious Comment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-549', + name: 'Missing Password Field Masking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-562', 
+ name: 'Return of Stack Variable Address', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-564', + name: 'SQL Injection: Hibernate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-570', + name: 'Expression is Always False', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-571', + name: 'Expression is Always True', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-584', + name: 'Return Inside Finally Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-585', + name: 'Empty Synchronized Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-586', + name: 'Explicit Call to Finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-589', + name: 'Call to Non-ubiquitous API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-600', + name: 'Uncaught Exception in Servlet ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-605', + name: 'Multiple Binds to the Same Port', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-609', + name: 'Double-Checked 
Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-617', + name: 'Reachable Assertion', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-62', + name: 'UNIX Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-620', + name: 'Unverified Password Change', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-621', + name: 'Variable Extraction Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + usage: 'Allowed', 
+ }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-625', + name: 'Permissive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-638', + name: 'Not Using Complete Mediation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-645', + name: 'Overly 
Restrictive Account Lockout Mechanism', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-65', + name: 'Windows Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-662', + name: 'Improper 
Synchronization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-665', + name: 'Improper Initialization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-667', + name: 'Improper Locking', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-674', + name: 'Uncontrolled Recursion', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to 
Buffer Overflow', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-682', + name: 'Incorrect Calculation', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-693', + name: 'Protection Mechanism Failure', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', 
+ status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-696', + name: 'Incorrect Behavior Order', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-697', + name: 'Incorrect Comparison', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-707', + name: 'Improper Neutralization', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-756', + name: 'Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-764', + name: 'Multiple Locks 
of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-778', 
+ name: 'Insufficient Logging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-779', + name: 'Logging of Excessive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-783', + name: 'Operator Precedence Logic Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-787', + name: 'Out-of-bounds Write', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-804', + name: 'Guessable CAPTCHA', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-820', + name: 'Missing Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-821', + name: 'Incorrect Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, + { + id: 'CWE-834', + name: 'Excessive Iteration', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-862', + name: 'Missing Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-863', + name: 'Incorrect Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-912', + name: 'Hidden Functionality', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-941', + name: 'Incorrectly 
Specified Destination in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + ], +} diff --git a/lib/cwec/4.16.js b/lib/cwec/4.16.js new file mode 100644 index 00000000..c153d3a3 --- /dev/null +++ b/lib/cwec/4.16.js 
@@ -0,0 +1,5770 @@ +export default { + date: '2024-11-19', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1041', + name: 'Use of Redundant Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1042', + name: 'Static Member Data Element 
outside of a Singleton Class Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete 
Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented 
Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1069', + name: 'Empty Exception Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-107', + name: 'Struts: Unused Validation Form', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1071', + name: 'Empty Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + usage: 
'Prohibited', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-109', + name: 'Struts: Validator Turned Off', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1093', + name: 'Excessively Complex Data Representation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-111', + name: 'Direct Use of Unsafe JNI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1116', + name: 'Inaccurate Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-112', + name: 'Missing XML Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1120', + name: 'Excessive Code Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-1124', + name: 'Excessively Deep Nesting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1125', + name: 'Excessive Attack Surface', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-114', + name: 'Process Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-115', + name: 'Misinterpretation of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1164', + name: 'Irrelevant Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1177', + name: 'Use of Prohibited Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + usage: 'Prohibited', 
+ }, + { + id: 'CWE-1188', + name: 'Initialization of a Resource with an Insecure Default', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1192', + name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-121', + name: 'Stack-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-122', + name: 'Heap-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-123', + name: 'Write-what-where Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1241', + 
name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-125', + name: 'Out-of-bounds Read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic 
Granularity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-126', + name: 'Buffer Over-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1267', + name: 'Policy Uses Obsolete Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not 
Assigned Consistently Between Control and Data Agents', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-127', + name: 'Buffer Under-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1277', + name: 'Firmware Not Updateable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-128', + name: 'Wrap-around Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1281', + name: 'Sequence of 
Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing 
Unnecessary Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1302', + name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + 
usage: 'Prohibited', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of 
Same Resource or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1390', + name: 'Weak Authentication', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1391', + name: 'Use of Weak Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1393', + name: 'Use of Default Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + 
usage: 'Allowed-with-Review', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1419', + name: 'Incorrect Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1420', + name: 'Exposure of Sensitive Information during Transient Execution', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1421', + name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1422', + name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1423', + name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1426', + name: 'Improper Validation of Generative AI Output', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-1427', + name: 'Improper Neutralization of Input Used for LLM Prompting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special 
Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-170', + name: 'Improper Null Termination', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-172', + name: 'Encoding Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-185', + name: 'Incorrect Regular Expression', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-187', + name: 'Partial String Comparison', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-188', + name: 'Reliance on Data/Memory Layout', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-192', + name: 'Integer Coercion Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-193', + name: 'Off-by-one Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-194', + name: 'Unexpected Sign Extension', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-197', + name: 'Numeric Truncation 
Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-198', + name: 'Use of Incorrect Byte Ordering', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-20', + name: 'Improper Input Validation', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-203', + name: 'Observable Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive 
Information Due to Incompatible Policies', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-228', + name: 'Improper 
Handling of Syntactically Invalid Structure', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-23', + name: 'Relative Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-243', + name: 'Creation of chroot 
Jail Without Changing Working Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-248', + name: 'Uncaught Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-252', + name: 'Unchecked Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-259', + name: 'Use of Hard-coded Password', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-261', + name: 
'Weak Encoding for Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-262', + name: 'Not Using Password Aging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-266', + name: 'Incorrect Privilege Assignment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-268', + name: 'Privilege Chaining', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-272', + name: 'Least Privilege Violation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-276', + name: 'Incorrect Default Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-277', + name: 'Insecure Inherited Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-282', + name: 'Improper Ownership Management', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-283', + name: 'Unverified Ownership', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-284', + name: 'Improper Access Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-285', + name: 'Improper Authorization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-286', + name: 'Incorrect User Management', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-287', + name: 'Improper Authentication', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-296', + 
name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive 
Data', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-325', + name: 'Missing Cryptographic Step', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-326', + name: 'Inadequate Encryption Strength', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-328', + name: 'Use of Weak Hash', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-331', + name: 'Insufficient Entropy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-332', + name: 'Insufficient Entropy in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-334', + name: 'Small Space of Random Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-339', + name: 'Small Seed Space in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-34', + name: "Path Traversal: '....//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-346', + name: 'Origin Validation Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-348', + name: 'Use of Less Trusted Source', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-35', + name: "Path Traversal: '.../...//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-351', + name: 'Insufficient Type Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-36', + name: 'Absolute Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-360', + name: 'Trust of System Event Data', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-366', + name: 'Race Condition within a Thread', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-369', + name: 'Divide By Zero', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-377', + name: 'Insecure Temporary File', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { 
+ id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-384', + name: 'Session Fixation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-385', + name: 'Covert Timing Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-39', + name: "Path Traversal: 'C:dirname'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-391', + name: 'Unchecked Error Condition', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-393', + name: 'Return of Wrong Status Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + usage: 'Allowed', + 
}, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-410', + name: 'Insufficient Resource Pool', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-413', + name: 'Improper Resource Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-414', + name: 'Missing Lock Check', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, + { + id: 'CWE-416', + name: 'Use After Free', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-419', + name: 'Unprotected Primary Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-420', + name: 'Unprotected Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-426', + name: 'Untrusted Search Path', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-428', + name: 'Unquoted Search Path or Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-431', + name: 'Missing Handler', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-436', + name: 'Interpretation Conflict', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-440', + name: 'Expected Behavior Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-447', + name: 'Unimplemented or 
Unsupported Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-448', + name: 'Obsolete Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-457', + name: 'Use of Uninitialized Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-459', + name: 'Incomplete Cleanup', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-464', + name: 
'Addition of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-468', + name: 'Incorrect Pointer Scaling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-476', + name: 'NULL Pointer Dereference', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-477', + name: 'Use of Obsolete Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-480', + name: 'Use of Incorrect Operator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-481', + name: 'Assigning instead of Comparing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-482', + name: 'Comparing instead of Assigning', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-483', + name: 'Incorrect Block Delimitation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-486', + name: 'Comparison of Classes by Name', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-489', + name: 'Active Debug Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-501', + name: 'Trust Boundary Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-506', + name: 'Embedded Malicious Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-507', + name: 'Trojan Horse', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-511', + name: 'Logic/Time Bomb', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-514', + name: 'Covert Channel', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-515', + name: 'Covert Storage Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-521', + name: 'Weak Password Requirements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 
'CWE-546', + name: 'Suspicious Comment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-549', + name: 'Missing Password Field Masking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-562', 
+ name: 'Return of Stack Variable Address', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-564', + name: 'SQL Injection: Hibernate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-570', + name: 'Expression is Always False', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-571', + name: 'Expression is Always True', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-584', + name: 'Return Inside Finally Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-585', + name: 'Empty Synchronized Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-586', + name: 'Explicit Call to Finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-589', + name: 'Call to Non-ubiquitous API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-600', + name: 'Uncaught Exception in Servlet ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-605', + name: 'Multiple Binds to the Same Port', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-609', + name: 'Double-Checked 
Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-617', + name: 'Reachable Assertion', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-62', + name: 'UNIX Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-620', + name: 'Unverified Password Change', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-621', + name: 'Variable Extraction Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + usage: 'Allowed', 
+ }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-625', + name: 'Permissive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-638', + name: 'Not Using Complete Mediation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-645', + name: 'Overly 
Restrictive Account Lockout Mechanism', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-65', + name: 'Windows Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-662', + name: 'Improper 
Synchronization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-665', + name: 'Improper Initialization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-667', + name: 'Improper Locking', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-674', + name: 'Uncontrolled Recursion', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to 
Buffer Overflow', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-682', + name: 'Incorrect Calculation', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-693', + name: 'Protection Mechanism Failure', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', 
+ status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-696', + name: 'Incorrect Behavior Order', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-697', + name: 'Incorrect Comparison', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-707', + name: 'Improper Neutralization', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-756', + name: 'Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-764', + name: 'Multiple Locks 
of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-778', 
+ name: 'Insufficient Logging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-779', + name: 'Logging of Excessive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-783', + name: 'Operator Precedence Logic Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-787', + name: 'Out-of-bounds Write', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-804', + name: 'Guessable CAPTCHA', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-820', + name: 'Missing Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-821', + name: 'Incorrect Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, + { + id: 'CWE-834', + name: 'Excessive Iteration', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-862', + name: 'Missing Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-863', + name: 'Incorrect Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-912', + name: 'Hidden Functionality', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-941', + name: 
'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + ], +} diff --git a/lib/cwec/4.17.js b/lib/cwec/4.17.js new file mode 100644 index 00000000..f17c13d4 --- /dev/null +++ b/lib/cwec/4.17.js 
@@ -0,0 +1,5788 @@ +export default { + date: '2025-04-03', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1039', + name: 'Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1041', + name: 'Use of Redundant Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1042', + name: 'Static Member Data Element 
outside of a Singleton Class Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete 
Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented 
Design', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1069', + name: 'Empty Exception Block', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-107', + name: 'Struts: Unused Validation Form', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1071', + name: 'Empty Code Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + usage: 
'Prohibited', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-109', + name: 'Struts: Validator Turned Off', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1093', + name: 'Excessively Complex Data Representation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance 
Creation without Proper Locking or Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 
'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-111', + name: 'Direct Use of Unsafe JNI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1116', + name: 'Inaccurate Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-112', + name: 'Missing XML Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1120', + name: 'Excessive Code Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + 
usage: 'Allowed', + }, + { + id: 'CWE-1124', + name: 'Excessively Deep Nesting', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1125', + name: 'Excessive Attack Surface', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-114', + name: 'Process Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-115', + name: 'Misinterpretation of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1164', + name: 'Irrelevant Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1177', + name: 'Use of Prohibited Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + usage: 'Prohibited', + }, + 
{ + id: 'CWE-1188', + name: 'Initialization of a Resource with an Insecure Default', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1192', + name: 'Improper Identifier for IP Block used in System-On-Chip (SOC)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-121', + name: 'Stack-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-122', + name: 'Heap-based Buffer Overflow', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1222', 
+ name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-123', + name: 'Write-what-where Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1241', + name: 'Use 
of Predictable Algorithm in Random Number Generator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-125', + name: 'Out-of-bounds Read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 
'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-126', + name: 'Buffer Over-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1267', + name: 'Policy Uses Obsolete Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently 
Between Control and Data Agents', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-127', + name: 'Buffer Under-read', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1277', + name: 'Firmware Not Updateable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-128', + name: 'Wrap-around Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads 
to Unexpected Behavior', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1302', + name: 'Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1312', + name: 
'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1324', + name: 'DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Deprecated', + usage: 'Prohibited', + }, + { 
+ id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1357', + name: 'Reliance on Insufficiently Trustworthy Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1390', + name: 'Weak Authentication', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1391', + name: 'Use of Weak Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1393', + name: 'Use of Default Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1395', + name: 'Dependency on Vulnerable Third-Party Component', + status: 'Incomplete', + usage: 'Allowed-with-Review', 
+ }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1419', + name: 'Incorrect Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-1420', + name: 'Exposure of Sensitive Information during Transient Execution', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-1421', + name: 'Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1422', + name: 'Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1423', + name: 'Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1426', + name: 'Improper Validation of Generative AI Output', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-1427', + name: 'Improper Neutralization of Input Used for LLM Prompting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1428', + name: 'Reliance on HTTP instead of HTTPS', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-1429', + name: 'Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-1431', + name: 'Driving Intermediate Cryptographic State/Results to Hardware Module Outputs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired 
Delimiters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-170', + name: 'Improper Null Termination', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-172', + name: 'Encoding Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-175', + name: 
'Improper Handling of Mixed Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-185', + name: 'Incorrect Regular Expression', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-187', + name: 'Partial String Comparison', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-188', + name: 'Reliance on Data/Memory Layout', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-190', + name: 'Integer Overflow or Wraparound', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-192', + name: 'Integer Coercion Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-193', + name: 'Off-by-one Error', + status: 'Draft', + 
usage: 'Allowed', + }, + { + id: 'CWE-194', + name: 'Unexpected Sign Extension', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-197', + name: 'Numeric Truncation Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-198', + name: 'Use of Incorrect Byte Ordering', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-20', + name: 'Improper Input Validation', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-203', + name: 'Observable Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive 
Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-224', + name: 'Obscured 
Security-relevant Information by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-23', + name: 'Relative Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + 
{ + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-248', + name: 'Uncaught Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-252', + name: 'Unchecked Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration 
File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-259', + name: 'Use of Hard-coded Password', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-261', + name: 'Weak Encoding for Password', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-262', + name: 'Not Using Password Aging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-266', + name: 'Incorrect Privilege Assignment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-268', + name: 'Privilege Chaining', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-269', + name: 'Improper Privilege Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-272', + name: 'Least Privilege Violation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-276', + name: 'Incorrect Default Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-277', + name: 'Insecure Inherited 
Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-282', + name: 'Improper Ownership Management', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-283', + name: 'Unverified Ownership', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-284', + name: 'Improper Access Control', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-285', + name: 'Improper Authorization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-286', + name: 'Incorrect User Management', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-287', + name: 'Improper Authentication', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + 
status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-295', + name: 'Improper Certificate Validation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + usage: 'Allowed', + }, + 
{ + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-325', + name: 'Missing Cryptographic Step', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-326', + name: 'Inadequate Encryption Strength', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-328', + name: 'Use of Weak Hash', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + usage: 'Discouraged', + }, + { + id: 'CWE-331', + name: 'Insufficient Entropy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-332', + name: 'Insufficient Entropy in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-334', + name: 'Small Space of Random Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-339', + name: 'Small Seed Space in PRNG', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-34', + name: "Path Traversal: '....//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + usage: 'Allowed', + }, + { + 
id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-346', + name: 'Origin Validation Error', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-348', + name: 'Use of Less Trusted Source', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-35', + name: "Path Traversal: '.../...//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-351', + name: 'Insufficient Type Distinction', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-36', + name: 'Absolute Path Traversal', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-360', + name: 'Trust of System Event Data', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-366', + name: 'Race Condition within a Thread', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-369', + name: 'Divide By Zero', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-377', + name: 'Insecure Temporary File', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + usage: 'Allowed', + }, + { 
+ id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-384', + name: 'Session Fixation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-385', + name: 'Covert Timing Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-39', + name: "Path Traversal: 'C:dirname'", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-391', + name: 'Unchecked Error Condition', + status: 'Incomplete', + usage: 'Prohibited', + }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-393', + name: 'Return of Wrong Status Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + usage: 'Allowed', + 
}, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-410', + name: 'Insufficient Resource Pool', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-413', + name: 'Improper Resource Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-414', + name: 'Missing Lock Check', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft', usage: 
'Allowed' }, + { + id: 'CWE-416', + name: 'Use After Free', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-419', + name: 'Unprotected Primary Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-420', + name: 'Unprotected Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-426', + name: 'Untrusted Search Path', + status: 'Stable', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-428', + name: 'Unquoted Search Path or Element', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-431', + name: 'Missing Handler', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-436', + name: 'Interpretation Conflict', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-440', + name: 'Expected Behavior Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-447', + name: 'Unimplemented or 
Unsupported Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-448', + name: 'Obsolete Feature in UI', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-457', + name: 'Use of Uninitialized Variable', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-459', + name: 'Incomplete Cleanup', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-464', + name: 
'Addition of Data Structure Sentinel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-468', + name: 'Incorrect Pointer Scaling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-476', + name: 'NULL Pointer Dereference', + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-477', + name: 'Use of Obsolete Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-480', + name: 'Use of Incorrect Operator', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-481', + name: 'Assigning instead of Comparing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-482', + name: 'Comparing instead of Assigning', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-483', + name: 'Incorrect Block Delimitation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-486', + name: 'Comparison of Classes by Name', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-489', + name: 'Active Debug Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-501', + name: 'Trust Boundary Violation', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-506', + name: 'Embedded Malicious Code', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-507', + name: 'Trojan Horse', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-511', + name: 'Logic/Time Bomb', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete', usage: 'Allowed' }, + { + id: 'CWE-514', + name: 'Covert Channel', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-515', + name: 'Covert Storage Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-521', + name: 'Weak Password Requirements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-526', + name: 'Cleartext Storage of Sensitive Information in an Environment Variable', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 
'CWE-546', + name: 'Suspicious Comment', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-549', + name: 'Missing Password Field Masking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + usage: 'Allowed', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft', usage: 'Allowed' }, + { + id: 'CWE-562', 
+ name: 'Return of Stack Variable Address', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-564', + name: 'SQL Injection: Hibernate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-570', + name: 'Expression is Always False', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-571', + name: 'Expression is Always True', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + usage: 
'Allowed', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-584', + name: 'Return Inside Finally Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-585', + name: 'Empty Synchronized Block', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-586', + name: 'Explicit Call to Finalize()', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-589', + name: 'Call to Non-ubiquitous API', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object 
Modified after SSL Objects are Created', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-600', + name: 'Uncaught Exception in Servlet ', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-605', + name: 'Multiple Binds to the Same Port', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-609', + name: 'Double-Checked 
Locking', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-617', + name: 'Reachable Assertion', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-62', + name: 'UNIX Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-620', + name: 'Unverified Password Change', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-621', + name: 'Variable Extraction Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + usage: 'Allowed', 
+ }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-625', + name: 'Permissive Regular Expression', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-638', + name: 'Not Using Complete Mediation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-645', + name: 'Overly 
Restrictive Account Lockout Mechanism', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-65', + name: 'Windows Hard Link', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-662', + name: 'Improper 
Synchronization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-665', + name: 'Improper Initialization', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-667', + name: 'Improper Locking', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-674', + name: 'Uncontrolled Recursion', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to 
Buffer Overflow', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-682', + name: 'Incorrect Calculation', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-693', + name: 'Protection Mechanism Failure', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', 
+ status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-696', + name: 'Incorrect Behavior Order', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-697', + name: 'Incorrect Comparison', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-707', + name: 'Improper Neutralization', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + usage: 'Discouraged', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-756', + name: 'Missing Custom Error Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-764', + name: 'Multiple Locks 
of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-778', 
+ name: 'Insufficient Logging', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-779', + name: 'Logging of Excessive Data', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-783', + name: 'Operator Precedence Logic Error', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-787', + name: 'Out-of-bounds Write', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + 
status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-798', + name: 'Use of Hard-coded Credentials', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-804', + name: 'Guessable CAPTCHA', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 
'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-820', + name: 'Missing Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-821', + name: 'Incorrect Synchronization', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + usage: 'Allowed', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete', usage: 
'Allowed' }, + { + id: 'CWE-834', + name: 'Excessive Iteration', + status: 'Incomplete', + usage: 'Discouraged', + }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-862', + name: 'Missing Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-863', + name: 'Incorrect Authorization', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a 
Command ('Argument Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + usage: 'Allowed', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-912', + name: 'Hidden Functionality', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + usage: 
'Allowed', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + usage: 'Prohibited', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-941', + name: 
'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + usage: 'Allowed-with-Review', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + usage: 'Allowed', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + usage: 'Allowed', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + usage: 'Allowed-with-Review', + }, + ], +} diff --git a/lib/cwec/4.2.js b/lib/cwec/4.2.js new file mode 100644 index 00000000..a493619b --- /dev/null +++ b/lib/cwec/4.2.js 
@@ -0,0 +1,3951 @@ +export default { + date: '2020-08-20', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Draft', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', + status: 'Draft', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + 
id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Implementation of Lock Protection Registers', + status: 'Incomplete', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Improper Hardware Lock Protection for Security Sensitive Controls', + status: 'Incomplete', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula 
Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Risky Cryptographic Primitive', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', + status: 'Incomplete', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', + status: 'Incomplete', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 
'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Hardware Features Enable Physical Attacks from Software', + status: 'Incomplete', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Draft', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 
'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Unitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', + status: 'Incomplete', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 'Improper 
Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-1300', 
+ name: 'Improper Protection Against Physical Side Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', 
+ status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 
'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 
'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { + id: 'CWE-203', + name: 'Observable Differences in Behavior to Error Inputs', + status: 'Incomplete', + }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message 
Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before 
Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', 
+ }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 
'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for 
Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + 
name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + 
name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure 
of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect 
Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 
'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the 
Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 
'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with 
Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File 
Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of 
Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + 
}, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + 
name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or 
Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-789', name: 'Uncontrolled Memory Allocation', status: 'Draft' }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on 
Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 
'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', 
+ }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper 
Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.3.js b/lib/cwec/4.3.js new file mode 100644 index 00000000..fce340ee --- /dev/null +++ b/lib/cwec/4.3.js 
@@ -0,0 +1,4076 @@ +export default { + date: '2020-12-10', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Draft', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', + status: 'Draft', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + 
id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Implementation of Lock Protection Registers', + status: 'Incomplete', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Improper Hardware Lock Protection for Security Sensitive Controls', + status: 'Incomplete', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula 
Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Risky Cryptographic Primitive', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', + status: 'Incomplete', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', + status: 'Incomplete', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 
'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Hardware Features Enable Physical Attacks from Software', + status: 'Incomplete', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Draft', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 
'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Unitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', + status: 'Incomplete', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 'Improper 
Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-1300', 
+ name: 'Improper Protection Against Physical Side Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Missing Security Checks in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 
'CWE-1320', + name: 'Improper Protection for Out of Bounds Signal Level Alerts', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip', + status: 'Draft', + }, + { + id: 'CWE-1332', + name: 'Insufficient Protection Against Instruction Skipping Via Fault Injection', + status: 'Incomplete', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + 
status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 
'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 
'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 
'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + 
status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of 
Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', 
status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', 
name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication 
Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using a Random IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 
'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', 
+ }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 
'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 
'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', 
+ status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead 
of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' 
}, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File 
to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack 
Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: 
"Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 
'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 
'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + 
status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 
'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used 
in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special 
Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + 
{ + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in 
Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement 
('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special 
Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.4.js b/lib/cwec/4.4.js new file mode 100644 index 00000000..2cb6d4df --- /dev/null +++ b/lib/cwec/4.4.js 
@@ -0,0 +1,4086 @@ +export default { + date: '2021-03-15', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Draft', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', + status: 'Draft', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + 
id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Implementation of Lock Protection Registers', + status: 'Incomplete', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Improper Hardware Lock Protection for Security Sensitive Controls', + status: 'Incomplete', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical 
Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Risky Cryptographic Primitive', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', + status: 'Incomplete', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', + status: 'Incomplete', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support 
Exclusivity of Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Hardware Features Enable Physical Attacks from Software', + status: 'Incomplete', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Draft', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 
'Draft', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', + status: 'Incomplete', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of 
Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 
'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-1300', + name: 'Improper Protection Against Physical Side Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Missing Security Checks in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', 
+ name: 'DEPRECATED (Duplicate): Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Out of Bounds Signal Level Alerts', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip', + status: 'Draft', + }, + { + id: 'CWE-1332', + name: 'Insufficient Protection Against Instruction Skipping Via Fault Injection', + status: 'Incomplete', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + 
status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 
'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 
'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 
'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + 
id: 'CWE-218', + name: 'DEPRECATED (Duplicate): Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED (Duplicate): General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper 
Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Unprotected Storage of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing 
Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 
'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED (Duplicate): Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path 
Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 
'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Not Using an Unpredictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + 
name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED (Duplicate): Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED (Duplicate): HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI 
Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 
'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final 
Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED (Duplicate): 
Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure 
of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect 
Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 
'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the 
Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 
'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with 
Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File 
Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of 
Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + 
}, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + 
name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or 
Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + 
name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite 
Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + 
status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.5.js b/lib/cwec/4.5.js new file mode 100644 index 00000000..4483e02d --- /dev/null +++ b/lib/cwec/4.5.js 
@@ -0,0 +1,4106 @@ +export default { + date: '2021-07-20', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Draft', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization', + status: 'Draft', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + 
id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Implementation of Lock Protection Registers', + status: 'Incomplete', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Improper Hardware Lock Protection for Security Sensitive Controls', + status: 'Incomplete', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical 
Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Risky Cryptographic Primitive', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Improper Access to Sensitive Information Using Debug and Test Interfaces', + status: 'Incomplete', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Missing or Improperly Implemented Protection Against Voltage and Clock Glitches', + status: 'Incomplete', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support 
Exclusivity of Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Hardware Features Enable Physical Attacks from Software', + status: 'Incomplete', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Draft', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Register Interface Allows Software Access to Sensitive Data or Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 
'Draft', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Insufficient Protections on the Volatile Memory Containing Boot Code', + status: 'Incomplete', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Incomplete' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in 
Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length 
Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-1300', + name: 'Improper Protection Against Physical Side Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Missing Security Checks in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: 
Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-1320', + name: 'Improper Protection for Out of Bounds Signal Level Alerts', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip', + status: 'Draft', + }, + { + id: 'CWE-1332', + name: 'Insufficient Protection Against Instruction Skipping Via Fault Injection', + status: 'Incomplete', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, 
+ { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 
'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 
'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', 
status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of 
Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 
'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 
'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 
'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of 
Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive 
Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Reversible One-Way Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + 
name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + 
status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { 
+ id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 
'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell 
Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization 
Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + 
name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { 
+ id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link 
(Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + 
status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + 
status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Insufficient Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + 
}, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Duplicate Operations on Resource', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect 
Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or 
Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, 
+ { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 
'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a 
Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { 
+ id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 
'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of 
Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.6.js b/lib/cwec/4.6.js new file mode 100644 index 00000000..a53f2bfc --- /dev/null +++ b/lib/cwec/4.6.js 
@@ -0,0 +1,4116 @@ +export default { + date: '2021-10-28', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { id: 'CWE-1059', name: 'Incomplete Documentation', status: 'Incomplete' }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', + }, + { + id: 
'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected Conventions', + status: 
'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + name: 'Excessively 
Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 'Incomplete', + }, + { + 
id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 'Incomplete', + }, + { + id: 
'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 'Draft', + }, + { + id: 'CWE-12', + 
name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations', + status: 
'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations', 
+ status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product Released in Non-Release 
Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 'Improper Validation of 
Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 'CWE-1300', + name: 
'Improper Protection of Physical Side Channels', + status: 'Stable', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Missing Security Checks in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 'CWE-1320', + name: 'Improper 
Protection for Out of Bounds Signal Level Alerts', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', + status: 'Draft', + }, + { + 
id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration 
Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + 
status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 
'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 
'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing 
Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path 
Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 
'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', 
name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', 
+ name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { id: 'CWE-365', name: 'Race Condition in Switch', status: 'Draft' }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + 
name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of 
NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' 
}, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + 
status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { 
+ id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 
'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell 
Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization 
Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + 
name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { 
+ id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link 
(Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + 
status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + 
status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 
'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + 
{ id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 
'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or 
Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + 
name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite 
Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + 
status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.7.js b/lib/cwec/4.7.js new file mode 100644 index 00000000..b75d9608 --- /dev/null +++ b/lib/cwec/4.7.js 
@@ -0,0 +1,4139 @@ +export default { + date: '2022-04-28', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', 
+ }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected 
Conventions', + status: 'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + 
name: 'Excessively Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 
'Incomplete', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 
'Incomplete', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 
'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product 
Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 
'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 
'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Missing Security Checks in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 
'CWE-1320', + name: 'Improper Protection for Out of Bounds Signal Level Alerts', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', 
+ status: 'Draft', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-1357', + name: 'Reliance on Uncontrolled Component', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Extreme Physical Environment Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + 
name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String 
Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message 
Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 
'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 
'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching 
Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 
'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 
'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' (Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' 
(Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of 
Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, 
+ { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 
'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 
'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' (Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' 
(Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + 
status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { 
+ id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 
'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 
'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell 
Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization 
Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + 
name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { 
+ id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link 
(Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: "Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + 
status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + 
status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 
'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + 
{ id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 
'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or 
Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 
'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { + id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + 
name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite 
Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + 
status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 
'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.8.js b/lib/cwec/4.8.js new file mode 100644 index 00000000..78add8cb --- /dev/null +++ b/lib/cwec/4.8.js 
@@ -0,0 +1,4144 @@ +export default { + date: '2022-06-28', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', 
+ }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected 
Conventions', + status: 'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + 
name: 'Excessively Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 
'Incomplete', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 
'Incomplete', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 
'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product 
Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 
'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 
'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Missing Security Checks in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 
'CWE-1320', + name: 'Improper Protection for Out of Bounds Signal Level Alerts', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware Overheating', 
+ status: 'Draft', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-1357', + name: 'Reliance on Uncontrolled Component', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 
'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special 
Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + 
name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message 
Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 
'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', + name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + 
{ + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' }, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path 
Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + 
status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for 
Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 
'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of 
System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + 
{ + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 
'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Switch Statement', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing instead of 
Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 'Draft' }, 
+ { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to an 
Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack 
Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: 
"Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + 
status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument 
Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 
'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 
'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { 
+ id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document 
Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + 
name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/cwec/4.9.js b/lib/cwec/4.9.js new file mode 100644 index 00000000..7a5f15a3 --- /dev/null +++ b/lib/cwec/4.9.js 
@@ -0,0 +1,4162 @@ +export default { + date: '2022-10-13', + weaknesses: [ + { + id: 'CWE-1004', + name: "Sensitive Cookie Without 'HttpOnly' Flag", + status: 'Incomplete', + }, + { + id: 'CWE-1007', + name: 'Insufficient Visual Distinction of Homoglyphs Presented to User', + status: 'Incomplete', + }, + { + id: 'CWE-102', + name: 'Struts: Duplicate Validation Forms', + status: 'Incomplete', + }, + { + id: 'CWE-1021', + name: 'Improper Restriction of Rendered UI Layers or Frames', + status: 'Incomplete', + }, + { + id: 'CWE-1022', + name: 'Use of Web Link to Untrusted Target with window.opener Access', + status: 'Incomplete', + }, + { + id: 'CWE-1023', + name: 'Incomplete Comparison with Missing Factors', + status: 'Incomplete', + }, + { + id: 'CWE-1024', + name: 'Comparison of Incompatible Types', + status: 'Incomplete', + }, + { + id: 'CWE-1025', + name: 'Comparison Using Wrong Factors', + status: 'Incomplete', + }, + { + id: 'CWE-103', + name: 'Struts: Incomplete validate() Method Definition', + status: 'Draft', + }, + { + id: 'CWE-1037', + name: 'Processor Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-1038', + name: 'Insecure Automated Optimizations', + status: 'Draft', + }, + { + id: 'CWE-1039', + name: 'Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations', + status: 'Incomplete', + }, + { + id: 'CWE-104', + name: 'Struts: Form Bean Does Not Extend Validation Class', + status: 'Draft', + }, + { id: 'CWE-1041', name: 'Use of Redundant Code', status: 'Incomplete' }, + { + id: 'CWE-1042', + name: 'Static Member Data Element outside of a Singleton Class Element', + status: 'Incomplete', + }, + { + id: 'CWE-1043', + name: 'Data Element Aggregating an Excessively Large Number of Non-Primitive Elements', + status: 'Incomplete', + }, + { + id: 'CWE-1044', + name: 'Architecture with Number of Horizontal Layers Outside of Expected Range', + status: 
'Incomplete', + }, + { + id: 'CWE-1045', + name: 'Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1046', + name: 'Creation of Immutable Text Using String Concatenation', + status: 'Incomplete', + }, + { + id: 'CWE-1047', + name: 'Modules with Circular Dependencies', + status: 'Incomplete', + }, + { + id: 'CWE-1048', + name: 'Invokable Control Element with Large Number of Outward Calls', + status: 'Incomplete', + }, + { + id: 'CWE-1049', + name: 'Excessive Data Query Operations in a Large Data Table', + status: 'Incomplete', + }, + { + id: 'CWE-105', + name: 'Struts: Form Field Without Validator', + status: 'Draft', + }, + { + id: 'CWE-1050', + name: 'Excessive Platform Resource Consumption within a Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1051', + name: 'Initialization with Hard-Coded Network Resource Configuration Data', + status: 'Incomplete', + }, + { + id: 'CWE-1052', + name: 'Excessive Use of Hard-Coded Literals in Initialization', + status: 'Incomplete', + }, + { + id: 'CWE-1053', + name: 'Missing Documentation for Design', + status: 'Incomplete', + }, + { + id: 'CWE-1054', + name: 'Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer', + status: 'Incomplete', + }, + { + id: 'CWE-1055', + name: 'Multiple Inheritance from Concrete Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1056', + name: 'Invokable Control Element with Variadic Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1057', + name: 'Data Access Operations Outside of Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1058', + name: 'Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element', + status: 'Incomplete', + }, + { + id: 'CWE-1059', + name: 'Insufficient Technical Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-106', + name: 'Struts: Plug-in Framework not in Use', + status: 'Draft', 
+ }, + { + id: 'CWE-1060', + name: 'Excessive Number of Inefficient Server-Side Data Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1061', + name: 'Insufficient Encapsulation', + status: 'Incomplete', + }, + { + id: 'CWE-1062', + name: 'Parent Class with References to Child Class', + status: 'Incomplete', + }, + { + id: 'CWE-1063', + name: 'Creation of Class Instance within a Static Code Block', + status: 'Incomplete', + }, + { + id: 'CWE-1064', + name: 'Invokable Control Element with Signature Containing an Excessive Number of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1065', + name: 'Runtime Resource Management Control Element in a Component Built to Run on Application Servers', + status: 'Incomplete', + }, + { + id: 'CWE-1066', + name: 'Missing Serialization Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1067', + name: 'Excessive Execution of Sequential Searches of Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1068', + name: 'Inconsistency Between Implementation and Documented Design', + status: 'Incomplete', + }, + { id: 'CWE-1069', name: 'Empty Exception Block', status: 'Incomplete' }, + { id: 'CWE-107', name: 'Struts: Unused Validation Form', status: 'Draft' }, + { + id: 'CWE-1070', + name: 'Serializable Data Element Containing non-Serializable Item Elements', + status: 'Incomplete', + }, + { id: 'CWE-1071', name: 'Empty Code Block', status: 'Incomplete' }, + { + id: 'CWE-1072', + name: 'Data Resource Access without Use of Connection Pooling', + status: 'Incomplete', + }, + { + id: 'CWE-1073', + name: 'Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses', + status: 'Incomplete', + }, + { + id: 'CWE-1074', + name: 'Class with Excessively Deep Inheritance', + status: 'Incomplete', + }, + { + id: 'CWE-1075', + name: 'Unconditional Control Flow Transfer outside of Switch Block', + status: 'Incomplete', + }, + { + id: 'CWE-1076', + name: 'Insufficient Adherence to Expected 
Conventions', + status: 'Incomplete', + }, + { + id: 'CWE-1077', + name: 'Floating Point Comparison with Incorrect Operator', + status: 'Incomplete', + }, + { + id: 'CWE-1078', + name: 'Inappropriate Source Code Style or Formatting', + status: 'Incomplete', + }, + { + id: 'CWE-1079', + name: 'Parent Class without Virtual Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-108', + name: 'Struts: Unvalidated Action Form', + status: 'Incomplete', + }, + { + id: 'CWE-1080', + name: 'Source Code File with Excessive Number of Lines of Code', + status: 'Incomplete', + }, + { + id: 'CWE-1082', + name: 'Class Instance Self Destruction Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1083', + name: 'Data Access from Outside Expected Data Manager Component', + status: 'Incomplete', + }, + { + id: 'CWE-1084', + name: 'Invokable Control Element with Excessive File or Data Access Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1085', + name: 'Invokable Control Element with Excessive Volume of Commented-out Code', + status: 'Incomplete', + }, + { + id: 'CWE-1086', + name: 'Class with Excessive Number of Child Classes', + status: 'Incomplete', + }, + { + id: 'CWE-1087', + name: 'Class with Virtual Method without a Virtual Destructor', + status: 'Incomplete', + }, + { + id: 'CWE-1088', + name: 'Synchronous Access of Remote Resource without Timeout', + status: 'Incomplete', + }, + { + id: 'CWE-1089', + name: 'Large Data Table with Excessive Number of Indices', + status: 'Incomplete', + }, + { id: 'CWE-109', name: 'Struts: Validator Turned Off', status: 'Draft' }, + { + id: 'CWE-1090', + name: 'Method Containing Access of a Member Element from Another Class', + status: 'Incomplete', + }, + { + id: 'CWE-1091', + name: 'Use of Object without Invoking Destructor Method', + status: 'Incomplete', + }, + { + id: 'CWE-1092', + name: 'Use of Same Invokable Control Element in Multiple Architectural Layers', + status: 'Incomplete', + }, + { + id: 'CWE-1093', + 
name: 'Excessively Complex Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1094', + name: 'Excessive Index Range Scan for a Data Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1095', + name: 'Loop Condition Value Update within the Loop', + status: 'Incomplete', + }, + { + id: 'CWE-1096', + name: 'Singleton Class Instance Creation without Proper Locking or Synchronization', + status: 'Incomplete', + }, + { + id: 'CWE-1097', + name: 'Persistent Storable Data Element without Associated Comparison Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1098', + name: 'Data Element containing Pointer Item without Proper Copy Control Element', + status: 'Incomplete', + }, + { + id: 'CWE-1099', + name: 'Inconsistent Naming Conventions for Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-11', + name: 'ASP.NET Misconfiguration: Creating Debug Binary', + status: 'Draft', + }, + { + id: 'CWE-110', + name: 'Struts: Validator Without Form Field', + status: 'Draft', + }, + { + id: 'CWE-1100', + name: 'Insufficient Isolation of System-Dependent Functions', + status: 'Incomplete', + }, + { + id: 'CWE-1101', + name: 'Reliance on Runtime Component in Generated Code', + status: 'Incomplete', + }, + { + id: 'CWE-1102', + name: 'Reliance on Machine-Dependent Data Representation', + status: 'Incomplete', + }, + { + id: 'CWE-1103', + name: 'Use of Platform-Dependent Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1104', + name: 'Use of Unmaintained Third Party Components', + status: 'Incomplete', + }, + { + id: 'CWE-1105', + name: 'Insufficient Encapsulation of Machine-Dependent Functionality', + status: 'Incomplete', + }, + { + id: 'CWE-1106', + name: 'Insufficient Use of Symbolic Constants', + status: 'Incomplete', + }, + { + id: 'CWE-1107', + name: 'Insufficient Isolation of Symbolic Constant Definitions', + status: 'Incomplete', + }, + { + id: 'CWE-1108', + name: 'Excessive Reliance on Global Variables', + status: 
'Incomplete', + }, + { + id: 'CWE-1109', + name: 'Use of Same Variable for Multiple Purposes', + status: 'Incomplete', + }, + { id: 'CWE-111', name: 'Direct Use of Unsafe JNI', status: 'Draft' }, + { + id: 'CWE-1110', + name: 'Incomplete Design Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1111', + name: 'Incomplete I/O Documentation', + status: 'Incomplete', + }, + { + id: 'CWE-1112', + name: 'Incomplete Documentation of Program Execution', + status: 'Incomplete', + }, + { + id: 'CWE-1113', + name: 'Inappropriate Comment Style', + status: 'Incomplete', + }, + { + id: 'CWE-1114', + name: 'Inappropriate Whitespace Style', + status: 'Incomplete', + }, + { + id: 'CWE-1115', + name: 'Source Code Element without Standard Prologue', + status: 'Incomplete', + }, + { id: 'CWE-1116', name: 'Inaccurate Comments', status: 'Incomplete' }, + { + id: 'CWE-1117', + name: 'Callable with Insufficient Behavioral Summary', + status: 'Incomplete', + }, + { + id: 'CWE-1118', + name: 'Insufficient Documentation of Error Handling Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1119', + name: 'Excessive Use of Unconditional Branching', + status: 'Incomplete', + }, + { id: 'CWE-112', name: 'Missing XML Validation', status: 'Draft' }, + { id: 'CWE-1120', name: 'Excessive Code Complexity', status: 'Incomplete' }, + { + id: 'CWE-1121', + name: 'Excessive McCabe Cyclomatic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1122', + name: 'Excessive Halstead Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-1123', + name: 'Excessive Use of Self-Modifying Code', + status: 'Incomplete', + }, + { id: 'CWE-1124', name: 'Excessively Deep Nesting', status: 'Incomplete' }, + { id: 'CWE-1125', name: 'Excessive Attack Surface', status: 'Incomplete' }, + { + id: 'CWE-1126', + name: 'Declaration of Variable with Unnecessarily Wide Scope', + status: 'Incomplete', + }, + { + id: 'CWE-1127', + name: 'Compilation with Insufficient Warnings or Errors', + status: 
'Incomplete', + }, + { + id: 'CWE-113', + name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", + status: 'Incomplete', + }, + { id: 'CWE-114', name: 'Process Control', status: 'Incomplete' }, + { id: 'CWE-115', name: 'Misinterpretation of Input', status: 'Incomplete' }, + { + id: 'CWE-116', + name: 'Improper Encoding or Escaping of Output', + status: 'Draft', + }, + { id: 'CWE-1164', name: 'Irrelevant Code', status: 'Incomplete' }, + { + id: 'CWE-117', + name: 'Improper Output Neutralization for Logs', + status: 'Draft', + }, + { + id: 'CWE-1173', + name: 'Improper Use of Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-1174', + name: 'ASP.NET Misconfiguration: Improper Model Validation', + status: 'Draft', + }, + { + id: 'CWE-1176', + name: 'Inefficient CPU Computation', + status: 'Incomplete', + }, + { id: 'CWE-1177', name: 'Use of Prohibited Code', status: 'Incomplete' }, + { + id: 'CWE-118', + name: "Incorrect Access of Indexable Resource ('Range Error')", + status: 'Incomplete', + }, + { + id: 'CWE-1187', + name: 'DEPRECATED: Use of Uninitialized Resource', + status: 'Deprecated', + }, + { + id: 'CWE-1188', + name: 'Insecure Default Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-1189', + name: 'Improper Isolation of Shared Resources on System-on-a-Chip (SoC)', + status: 'Stable', + }, + { + id: 'CWE-119', + name: 'Improper Restriction of Operations within the Bounds of a Memory Buffer', + status: 'Stable', + }, + { + id: 'CWE-1190', + name: 'DMA Device Enabled Too Early in Boot Phase', + status: 'Draft', + }, + { + id: 'CWE-1191', + name: 'On-Chip Debug and Test Interface With Improper Access Control', + status: 'Stable', + }, + { + id: 'CWE-1192', + name: 'System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1193', + name: 'Power-On of Untrusted Execution Core Before Enabling Fabric Access Control', + status: 
'Draft', + }, + { + id: 'CWE-12', + name: 'ASP.NET Misconfiguration: Missing Custom Error Page', + status: 'Draft', + }, + { + id: 'CWE-120', + name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1204', + name: 'Generation of Weak Initialization Vector (IV)', + status: 'Incomplete', + }, + { + id: 'CWE-1209', + name: 'Failure to Disable Reserved Bits', + status: 'Incomplete', + }, + { id: 'CWE-121', name: 'Stack-based Buffer Overflow', status: 'Draft' }, + { id: 'CWE-122', name: 'Heap-based Buffer Overflow', status: 'Draft' }, + { + id: 'CWE-1220', + name: 'Insufficient Granularity of Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1221', + name: 'Incorrect Register Defaults or Module Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-1222', + name: 'Insufficient Granularity of Address Regions Protected by Register Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1223', + name: 'Race Condition for Write-Once Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-1224', + name: 'Improper Restriction of Write-Once Bit Fields', + status: 'Incomplete', + }, + { + id: 'CWE-1229', + name: 'Creation of Emergent Resource', + status: 'Incomplete', + }, + { id: 'CWE-123', name: 'Write-what-where Condition', status: 'Draft' }, + { + id: 'CWE-1230', + name: 'Exposure of Sensitive Information Through Metadata', + status: 'Incomplete', + }, + { + id: 'CWE-1231', + name: 'Improper Prevention of Lock Bit Modification', + status: 'Stable', + }, + { + id: 'CWE-1232', + name: 'Improper Lock Behavior After Power State Transition', + status: 'Incomplete', + }, + { + id: 'CWE-1233', + name: 'Security-Sensitive Hardware Controls with Missing Lock Bit Protection', + status: 'Stable', + }, + { + id: 'CWE-1234', + name: 'Hardware Internal or Debug Modes Allow Override of Locks', + status: 'Incomplete', + }, + { + id: 'CWE-1235', + name: 'Incorrect Use of Autoboxing and Unboxing for Performance 
Critical Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1236', + name: 'Improper Neutralization of Formula Elements in a CSV File', + status: 'Incomplete', + }, + { + id: 'CWE-1239', + name: 'Improper Zeroization of Hardware Register', + status: 'Draft', + }, + { + id: 'CWE-124', + name: "Buffer Underwrite ('Buffer Underflow')", + status: 'Incomplete', + }, + { + id: 'CWE-1240', + name: 'Use of a Cryptographic Primitive with a Risky Implementation', + status: 'Draft', + }, + { + id: 'CWE-1241', + name: 'Use of Predictable Algorithm in Random Number Generator', + status: 'Draft', + }, + { + id: 'CWE-1242', + name: 'Inclusion of Undocumented Features or Chicken Bits', + status: 'Incomplete', + }, + { + id: 'CWE-1243', + name: 'Sensitive Non-Volatile Information Not Protected During Debug', + status: 'Incomplete', + }, + { + id: 'CWE-1244', + name: 'Internal Asset Exposed to Unsafe Debug Access Level or State', + status: 'Stable', + }, + { + id: 'CWE-1245', + name: 'Improper Finite State Machines (FSMs) in Hardware Logic', + status: 'Incomplete', + }, + { + id: 'CWE-1246', + name: 'Improper Write Handling in Limited-write Non-Volatile Memories', + status: 'Incomplete', + }, + { + id: 'CWE-1247', + name: 'Improper Protection Against Voltage and Clock Glitches', + status: 'Stable', + }, + { + id: 'CWE-1248', + name: 'Semiconductor Defects in Hardware Logic with Security-Sensitive Implications', + status: 'Incomplete', + }, + { + id: 'CWE-1249', + name: 'Application-Level Admin Tool with Inconsistent View of Underlying Operating System', + status: 'Incomplete', + }, + { id: 'CWE-125', name: 'Out-of-bounds Read', status: 'Draft' }, + { + id: 'CWE-1250', + name: 'Improper Preservation of Consistency Between Independent Representations of Shared State', + status: 'Incomplete', + }, + { + id: 'CWE-1251', + name: 'Mirrored Regions with Different Values', + status: 'Incomplete', + }, + { + id: 'CWE-1252', + name: 'CPU Hardware Not Configured to Support Exclusivity of 
Write and Execute Operations', + status: 'Incomplete', + }, + { + id: 'CWE-1253', + name: 'Incorrect Selection of Fuse Values', + status: 'Draft', + }, + { + id: 'CWE-1254', + name: 'Incorrect Comparison Logic Granularity', + status: 'Draft', + }, + { + id: 'CWE-1255', + name: 'Comparison Logic is Vulnerable to Power Side-Channel Attacks', + status: 'Draft', + }, + { + id: 'CWE-1256', + name: 'Improper Restriction of Software Interfaces to Hardware Features', + status: 'Stable', + }, + { + id: 'CWE-1257', + name: 'Improper Access Control Applied to Mirrored or Aliased Memory Regions', + status: 'Incomplete', + }, + { + id: 'CWE-1258', + name: 'Exposure of Sensitive System Information Due to Uncleared Debug Information', + status: 'Draft', + }, + { + id: 'CWE-1259', + name: 'Improper Restriction of Security Token Assignment', + status: 'Incomplete', + }, + { id: 'CWE-126', name: 'Buffer Over-read', status: 'Draft' }, + { + id: 'CWE-1260', + name: 'Improper Handling of Overlap Between Protected Memory Ranges', + status: 'Stable', + }, + { + id: 'CWE-1261', + name: 'Improper Handling of Single Event Upsets', + status: 'Draft', + }, + { + id: 'CWE-1262', + name: 'Improper Access Control for Register Interface', + status: 'Stable', + }, + { + id: 'CWE-1263', + name: 'Improper Physical Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-1264', + name: 'Hardware Logic with Insecure De-Synchronization between Control and Data Channels', + status: 'Incomplete', + }, + { + id: 'CWE-1265', + name: 'Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls', + status: 'Draft', + }, + { + id: 'CWE-1266', + name: 'Improper Scrubbing of Sensitive Data from Decommissioned Device', + status: 'Incomplete', + }, + { id: 'CWE-1267', name: 'Policy Uses Obsolete Encoding', status: 'Draft' }, + { + id: 'CWE-1268', + name: 'Policy Privileges are not Assigned Consistently Between Control and Data Agents', + status: 'Draft', + }, + { + id: 'CWE-1269', + name: 'Product 
Released in Non-Release Configuration', + status: 'Incomplete', + }, + { id: 'CWE-127', name: 'Buffer Under-read', status: 'Draft' }, + { + id: 'CWE-1270', + name: 'Generation of Incorrect Security Tokens', + status: 'Incomplete', + }, + { + id: 'CWE-1271', + name: 'Uninitialized Value on Reset for Registers Holding Security Settings', + status: 'Incomplete', + }, + { + id: 'CWE-1272', + name: 'Sensitive Information Uncleared Before Debug/Power State Transition', + status: 'Stable', + }, + { + id: 'CWE-1273', + name: 'Device Unlock Credential Sharing', + status: 'Incomplete', + }, + { + id: 'CWE-1274', + name: 'Improper Access Control for Volatile Memory Containing Boot Code', + status: 'Stable', + }, + { + id: 'CWE-1275', + name: 'Sensitive Cookie with Improper SameSite Attribute', + status: 'Incomplete', + }, + { + id: 'CWE-1276', + name: 'Hardware Child Block Incorrectly Connected to Parent System', + status: 'Incomplete', + }, + { id: 'CWE-1277', name: 'Firmware Not Updateable', status: 'Draft' }, + { + id: 'CWE-1278', + name: 'Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques', + status: 'Incomplete', + }, + { + id: 'CWE-1279', + name: 'Cryptographic Operations are run Before Supporting Units are Ready', + status: 'Incomplete', + }, + { id: 'CWE-128', name: 'Wrap-around Error', status: 'Incomplete' }, + { + id: 'CWE-1280', + name: 'Access Control Check Implemented After Asset is Accessed', + status: 'Incomplete', + }, + { + id: 'CWE-1281', + name: 'Sequence of Processor Instructions Leads to Unexpected Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-1282', + name: 'Assumed-Immutable Data is Stored in Writable Memory', + status: 'Incomplete', + }, + { + id: 'CWE-1283', + name: 'Mutable Attestation or Measurement Reporting Data', + status: 'Incomplete', + }, + { + id: 'CWE-1284', + name: 'Improper Validation of Specified Quantity in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1285', + name: 
'Improper Validation of Specified Index, Position, or Offset in Input', + status: 'Incomplete', + }, + { + id: 'CWE-1286', + name: 'Improper Validation of Syntactic Correctness of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1287', + name: 'Improper Validation of Specified Type of Input', + status: 'Incomplete', + }, + { + id: 'CWE-1288', + name: 'Improper Validation of Consistency within Input', + status: 'Incomplete', + }, + { + id: 'CWE-1289', + name: 'Improper Validation of Unsafe Equivalence in Input', + status: 'Incomplete', + }, + { + id: 'CWE-129', + name: 'Improper Validation of Array Index', + status: 'Draft', + }, + { + id: 'CWE-1290', + name: 'Incorrect Decoding of Security Identifiers ', + status: 'Incomplete', + }, + { + id: 'CWE-1291', + name: 'Public Key Re-Use for Signing both Debug and Production Code', + status: 'Draft', + }, + { + id: 'CWE-1292', + name: 'Incorrect Conversion of Security Identifiers', + status: 'Draft', + }, + { + id: 'CWE-1293', + name: 'Missing Source Correlation of Multiple Independent Data', + status: 'Draft', + }, + { + id: 'CWE-1294', + name: 'Insecure Security Identifier Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-1295', + name: 'Debug Messages Revealing Unnecessary Information', + status: 'Incomplete', + }, + { + id: 'CWE-1296', + name: 'Incorrect Chaining or Granularity of Debug Components', + status: 'Incomplete', + }, + { + id: 'CWE-1297', + name: 'Unprotected Confidential Information on Device is Accessible by OSAT Vendors', + status: 'Incomplete', + }, + { + id: 'CWE-1298', + name: 'Hardware Logic Contains Race Conditions', + status: 'Draft', + }, + { + id: 'CWE-1299', + name: 'Missing Protection Mechanism for Alternate Hardware Interface', + status: 'Draft', + }, + { + id: 'CWE-13', + name: 'ASP.NET Misconfiguration: Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-130', + name: 'Improper Handling of Length Parameter Inconsistency', + status: 'Incomplete', + }, + { + id: 
'CWE-1300', + name: 'Improper Protection of Physical Side Channels', + status: 'Stable', + }, + { + id: 'CWE-1301', + name: 'Insufficient or Incomplete Data Removal within Hardware Component', + status: 'Incomplete', + }, + { + id: 'CWE-1302', + name: 'Missing Security Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-1303', + name: 'Non-Transparent Sharing of Microarchitectural Resources', + status: 'Draft', + }, + { + id: 'CWE-1304', + name: 'Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation', + status: 'Draft', + }, + { + id: 'CWE-131', + name: 'Incorrect Calculation of Buffer Size', + status: 'Draft', + }, + { + id: 'CWE-1310', + name: 'Missing Ability to Patch ROM Code', + status: 'Draft', + }, + { + id: 'CWE-1311', + name: 'Improper Translation of Security Attributes by Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1312', + name: 'Missing Protection for Mirrored Regions in On-Chip Fabric Firewall', + status: 'Draft', + }, + { + id: 'CWE-1313', + name: 'Hardware Allows Activation of Test or Debug Logic at Runtime', + status: 'Draft', + }, + { + id: 'CWE-1314', + name: 'Missing Write Protection for Parametric Data Values', + status: 'Draft', + }, + { + id: 'CWE-1315', + name: 'Improper Setting of Bus Controlling Capability in Fabric End-point', + status: 'Incomplete', + }, + { + id: 'CWE-1316', + name: 'Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges', + status: 'Draft', + }, + { + id: 'CWE-1317', + name: 'Improper Access Control in Fabric Bridge', + status: 'Draft', + }, + { + id: 'CWE-1318', + name: 'Missing Support for Security Features in On-chip Fabrics or Buses', + status: 'Incomplete', + }, + { + id: 'CWE-1319', + name: 'Improper Protection against Electromagnetic Fault Injection (EM-FI)', + status: 'Incomplete', + }, + { + id: 'CWE-132', + name: 'DEPRECATED: Miscalculated Null Termination', + status: 'Deprecated', + }, + { + id: 
'CWE-1320', + name: 'Improper Protection for Outbound Error Messages and Alert Signals', + status: 'Draft', + }, + { + id: 'CWE-1321', + name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + status: 'Incomplete', + }, + { + id: 'CWE-1322', + name: 'Use of Blocking Code in Single-threaded, Non-blocking Context', + status: 'Incomplete', + }, + { + id: 'CWE-1323', + name: 'Improper Management of Sensitive Trace Data', + status: 'Draft', + }, + { + id: 'CWE-1324', + name: 'Sensitive Information Accessible by Physical Probing of JTAG Interface', + status: 'Draft', + }, + { + id: 'CWE-1325', + name: 'Improperly Controlled Sequential Memory Allocation', + status: 'Incomplete', + }, + { + id: 'CWE-1326', + name: 'Missing Immutable Root of Trust in Hardware', + status: 'Draft', + }, + { + id: 'CWE-1327', + name: 'Binding to an Unrestricted IP Address', + status: 'Incomplete', + }, + { + id: 'CWE-1328', + name: 'Security Version Number Mutable to Older Versions', + status: 'Draft', + }, + { + id: 'CWE-1329', + name: 'Reliance on Component That is Not Updateable', + status: 'Incomplete', + }, + { + id: 'CWE-1330', + name: 'Remanent Data Readable after Memory Erase', + status: 'Draft', + }, + { + id: 'CWE-1331', + name: 'Improper Isolation of Shared Resources in Network On Chip (NoC)', + status: 'Stable', + }, + { + id: 'CWE-1332', + name: 'Improper Handling of Faults that Lead to Instruction Skips', + status: 'Stable', + }, + { + id: 'CWE-1333', + name: 'Inefficient Regular Expression Complexity', + status: 'Draft', + }, + { + id: 'CWE-1334', + name: 'Unauthorized Error Injection Can Degrade Hardware Redundancy', + status: 'Draft', + }, + { + id: 'CWE-1335', + name: 'Incorrect Bitwise Shift of Integer', + status: 'Draft', + }, + { + id: 'CWE-1336', + name: 'Improper Neutralization of Special Elements Used in a Template Engine', + status: 'Incomplete', + }, + { + id: 'CWE-1338', + name: 'Improper Protections Against Hardware 
Overheating', + status: 'Draft', + }, + { + id: 'CWE-1339', + name: 'Insufficient Precision or Accuracy of a Real Number', + status: 'Draft', + }, + { + id: 'CWE-134', + name: 'Use of Externally-Controlled Format String', + status: 'Draft', + }, + { + id: 'CWE-1341', + name: 'Multiple Releases of Same Resource or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-1342', + name: 'Information Exposure through Microarchitectural State after Transient Execution', + status: 'Incomplete', + }, + { + id: 'CWE-135', + name: 'Incorrect Calculation of Multi-Byte String Length', + status: 'Draft', + }, + { + id: 'CWE-1351', + name: 'Improper Handling of Hardware Behavior in Exceptionally Cold Environments', + status: 'Incomplete', + }, + { + id: 'CWE-1357', + name: 'Reliance on Uncontrolled Component', + status: 'Incomplete', + }, + { + id: 'CWE-138', + name: 'Improper Neutralization of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-1384', + name: 'Improper Handling of Physical or Environmental Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-1385', + name: 'Missing Origin Validation in WebSockets', + status: 'Incomplete', + }, + { + id: 'CWE-1386', + name: 'Insecure Operation on Windows Junction / Mount Point', + status: 'Incomplete', + }, + { + id: 'CWE-1389', + name: 'Incorrect Parsing of Numbers with Different Radices', + status: 'Incomplete', + }, + { id: 'CWE-1390', name: 'Weak Authentication', status: 'Incomplete' }, + { id: 'CWE-1391', name: 'Use of Weak Credentials', status: 'Incomplete' }, + { + id: 'CWE-1392', + name: 'Use of Default Credentials', + status: 'Incomplete', + }, + { id: 'CWE-1393', name: 'Use of Default Password', status: 'Incomplete' }, + { + id: 'CWE-1394', + name: 'Use of Default Cryptographic Key', + status: 'Incomplete', + }, + { + id: 'CWE-14', + name: 'Compiler Removal of Code to Clear Buffers', + status: 'Draft', + }, + { + id: 'CWE-140', + name: 'Improper Neutralization of Delimiters', + status: 'Draft', + }, + { + id: 
'CWE-141', + name: 'Improper Neutralization of Parameter/Argument Delimiters', + status: 'Draft', + }, + { + id: 'CWE-142', + name: 'Improper Neutralization of Value Delimiters', + status: 'Draft', + }, + { + id: 'CWE-143', + name: 'Improper Neutralization of Record Delimiters', + status: 'Draft', + }, + { + id: 'CWE-144', + name: 'Improper Neutralization of Line Delimiters', + status: 'Draft', + }, + { + id: 'CWE-145', + name: 'Improper Neutralization of Section Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-146', + name: 'Improper Neutralization of Expression/Command Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-147', + name: 'Improper Neutralization of Input Terminators', + status: 'Draft', + }, + { + id: 'CWE-148', + name: 'Improper Neutralization of Input Leaders', + status: 'Draft', + }, + { + id: 'CWE-149', + name: 'Improper Neutralization of Quoting Syntax', + status: 'Draft', + }, + { + id: 'CWE-15', + name: 'External Control of System or Configuration Setting', + status: 'Incomplete', + }, + { + id: 'CWE-150', + name: 'Improper Neutralization of Escape, Meta, or Control Sequences', + status: 'Incomplete', + }, + { + id: 'CWE-151', + name: 'Improper Neutralization of Comment Delimiters', + status: 'Draft', + }, + { + id: 'CWE-152', + name: 'Improper Neutralization of Macro Symbols', + status: 'Draft', + }, + { + id: 'CWE-153', + name: 'Improper Neutralization of Substitution Characters', + status: 'Draft', + }, + { + id: 'CWE-154', + name: 'Improper Neutralization of Variable Name Delimiters', + status: 'Incomplete', + }, + { + id: 'CWE-155', + name: 'Improper Neutralization of Wildcards or Matching Symbols', + status: 'Draft', + }, + { + id: 'CWE-156', + name: 'Improper Neutralization of Whitespace', + status: 'Draft', + }, + { + id: 'CWE-157', + name: 'Failure to Sanitize Paired Delimiters', + status: 'Draft', + }, + { + id: 'CWE-158', + name: 'Improper Neutralization of Null Byte or NUL Character', + status: 'Incomplete', + }, + { + 
id: 'CWE-159', + name: 'Improper Handling of Invalid Use of Special Elements', + status: 'Draft', + }, + { + id: 'CWE-160', + name: 'Improper Neutralization of Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-161', + name: 'Improper Neutralization of Multiple Leading Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-162', + name: 'Improper Neutralization of Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-163', + name: 'Improper Neutralization of Multiple Trailing Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-164', + name: 'Improper Neutralization of Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-165', + name: 'Improper Neutralization of Multiple Internal Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-166', + name: 'Improper Handling of Missing Special Element', + status: 'Draft', + }, + { + id: 'CWE-167', + name: 'Improper Handling of Additional Special Element', + status: 'Draft', + }, + { + id: 'CWE-168', + name: 'Improper Handling of Inconsistent Special Elements', + status: 'Draft', + }, + { id: 'CWE-170', name: 'Improper Null Termination', status: 'Incomplete' }, + { id: 'CWE-172', name: 'Encoding Error', status: 'Draft' }, + { + id: 'CWE-173', + name: 'Improper Handling of Alternate Encoding', + status: 'Draft', + }, + { + id: 'CWE-174', + name: 'Double Decoding of the Same Data', + status: 'Draft', + }, + { + id: 'CWE-175', + name: 'Improper Handling of Mixed Encoding', + status: 'Draft', + }, + { + id: 'CWE-176', + name: 'Improper Handling of Unicode Encoding', + status: 'Draft', + }, + { + id: 'CWE-177', + name: 'Improper Handling of URL Encoding (Hex Encoding)', + status: 'Draft', + }, + { + id: 'CWE-178', + name: 'Improper Handling of Case Sensitivity', + status: 'Incomplete', + }, + { + id: 'CWE-179', + name: 'Incorrect Behavior Order: Early Validation', + status: 'Incomplete', + }, + { + id: 'CWE-180', + name: 'Incorrect Behavior Order: 
Validate Before Canonicalize', + status: 'Draft', + }, + { + id: 'CWE-181', + name: 'Incorrect Behavior Order: Validate Before Filter', + status: 'Draft', + }, + { + id: 'CWE-182', + name: 'Collapse of Data into Unsafe Value', + status: 'Draft', + }, + { + id: 'CWE-183', + name: 'Permissive List of Allowed Inputs', + status: 'Draft', + }, + { + id: 'CWE-184', + name: 'Incomplete List of Disallowed Inputs', + status: 'Draft', + }, + { id: 'CWE-185', name: 'Incorrect Regular Expression', status: 'Draft' }, + { + id: 'CWE-186', + name: 'Overly Restrictive Regular Expression', + status: 'Draft', + }, + { id: 'CWE-187', name: 'Partial String Comparison', status: 'Incomplete' }, + { id: 'CWE-188', name: 'Reliance on Data/Memory Layout', status: 'Draft' }, + { id: 'CWE-190', name: 'Integer Overflow or Wraparound', status: 'Stable' }, + { + id: 'CWE-191', + name: 'Integer Underflow (Wrap or Wraparound)', + status: 'Draft', + }, + { id: 'CWE-192', name: 'Integer Coercion Error', status: 'Incomplete' }, + { id: 'CWE-193', name: 'Off-by-one Error', status: 'Draft' }, + { id: 'CWE-194', name: 'Unexpected Sign Extension', status: 'Incomplete' }, + { + id: 'CWE-195', + name: 'Signed to Unsigned Conversion Error', + status: 'Draft', + }, + { + id: 'CWE-196', + name: 'Unsigned to Signed Conversion Error', + status: 'Draft', + }, + { id: 'CWE-197', name: 'Numeric Truncation Error', status: 'Incomplete' }, + { id: 'CWE-198', name: 'Use of Incorrect Byte Ordering', status: 'Draft' }, + { id: 'CWE-20', name: 'Improper Input Validation', status: 'Stable' }, + { + id: 'CWE-200', + name: 'Exposure of Sensitive Information to an Unauthorized Actor', + status: 'Draft', + }, + { + id: 'CWE-201', + name: 'Insertion of Sensitive Information Into Sent Data', + status: 'Draft', + }, + { + id: 'CWE-202', + name: 'Exposure of Sensitive Information Through Data Queries', + status: 'Draft', + }, + { id: 'CWE-203', name: 'Observable Discrepancy', status: 'Incomplete' }, + { + id: 'CWE-204', + name: 
'Observable Response Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-205', + name: 'Observable Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-206', + name: 'Observable Internal Behavioral Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-207', + name: 'Observable Behavioral Discrepancy With Equivalent Products', + status: 'Draft', + }, + { + id: 'CWE-208', + name: 'Observable Timing Discrepancy', + status: 'Incomplete', + }, + { + id: 'CWE-209', + name: 'Generation of Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-210', + name: 'Self-generated Error Message Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-211', + name: 'Externally-Generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-212', + name: 'Improper Removal of Sensitive Information Before Storage or Transfer', + status: 'Incomplete', + }, + { + id: 'CWE-213', + name: 'Exposure of Sensitive Information Due to Incompatible Policies', + status: 'Draft', + }, + { + id: 'CWE-214', + name: 'Invocation of Process Using Visible Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-215', + name: 'Insertion of Sensitive Information Into Debugging Code', + status: 'Draft', + }, + { + id: 'CWE-216', + name: 'DEPRECATED: Containment Errors (Container Errors)', + status: 'Deprecated', + }, + { + id: 'CWE-217', + name: 'DEPRECATED: Failure to Protect Stored Data from Modification', + status: 'Deprecated', + }, + { + id: 'CWE-218', + name: 'DEPRECATED: Failure to provide confidentiality for stored data', + status: 'Deprecated', + }, + { + id: 'CWE-219', + name: 'Storage of File with Sensitive Data Under Web Root', + status: 'Draft', + }, + { + id: 'CWE-22', + name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + status: 'Stable', + }, + { + id: 'CWE-220', + name: 'Storage of File With Sensitive Data Under FTP Root', + 
status: 'Draft', + }, + { + id: 'CWE-221', + name: 'Information Loss or Omission', + status: 'Incomplete', + }, + { + id: 'CWE-222', + name: 'Truncation of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-223', + name: 'Omission of Security-relevant Information', + status: 'Draft', + }, + { + id: 'CWE-224', + name: 'Obscured Security-relevant Information by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-225', + name: 'DEPRECATED: General Information Management Problems', + status: 'Deprecated', + }, + { + id: 'CWE-226', + name: 'Sensitive Information in Resource Not Removed Before Reuse', + status: 'Draft', + }, + { + id: 'CWE-228', + name: 'Improper Handling of Syntactically Invalid Structure', + status: 'Incomplete', + }, + { + id: 'CWE-229', + name: 'Improper Handling of Values', + status: 'Incomplete', + }, + { id: 'CWE-23', name: 'Relative Path Traversal', status: 'Draft' }, + { + id: 'CWE-230', + name: 'Improper Handling of Missing Values', + status: 'Draft', + }, + { + id: 'CWE-231', + name: 'Improper Handling of Extra Values', + status: 'Draft', + }, + { + id: 'CWE-232', + name: 'Improper Handling of Undefined Values', + status: 'Draft', + }, + { + id: 'CWE-233', + name: 'Improper Handling of Parameters', + status: 'Incomplete', + }, + { + id: 'CWE-234', + name: 'Failure to Handle Missing Parameter', + status: 'Incomplete', + }, + { + id: 'CWE-235', + name: 'Improper Handling of Extra Parameters', + status: 'Draft', + }, + { + id: 'CWE-236', + name: 'Improper Handling of Undefined Parameters', + status: 'Draft', + }, + { + id: 'CWE-237', + name: 'Improper Handling of Structural Elements', + status: 'Incomplete', + }, + { + id: 'CWE-238', + name: 'Improper Handling of Incomplete Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-239', + name: 'Failure to Handle Incomplete Element', + status: 'Draft', + }, + { + id: 'CWE-24', + name: "Path Traversal: '../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-240', 
+ name: 'Improper Handling of Inconsistent Structural Elements', + status: 'Draft', + }, + { + id: 'CWE-241', + name: 'Improper Handling of Unexpected Data Type', + status: 'Draft', + }, + { + id: 'CWE-242', + name: 'Use of Inherently Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-243', + name: 'Creation of chroot Jail Without Changing Working Directory', + status: 'Draft', + }, + { + id: 'CWE-244', + name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", + status: 'Draft', + }, + { + id: 'CWE-245', + name: 'J2EE Bad Practices: Direct Management of Connections', + status: 'Draft', + }, + { + id: 'CWE-246', + name: 'J2EE Bad Practices: Direct Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-247', + name: 'DEPRECATED: Reliance on DNS Lookups in a Security Decision', + status: 'Deprecated', + }, + { id: 'CWE-248', name: 'Uncaught Exception', status: 'Draft' }, + { + id: 'CWE-249', + name: 'DEPRECATED: Often Misused: Path Manipulation', + status: 'Deprecated', + }, + { + id: 'CWE-25', + name: "Path Traversal: '/../filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-250', + name: 'Execution with Unnecessary Privileges', + status: 'Draft', + }, + { id: 'CWE-252', name: 'Unchecked Return Value', status: 'Draft' }, + { + id: 'CWE-253', + name: 'Incorrect Check of Function Return Value', + status: 'Incomplete', + }, + { + id: 'CWE-256', + name: 'Plaintext Storage of a Password', + status: 'Incomplete', + }, + { + id: 'CWE-257', + name: 'Storing Passwords in a Recoverable Format', + status: 'Incomplete', + }, + { + id: 'CWE-258', + name: 'Empty Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-259', name: 'Use of Hard-coded Password', status: 'Draft' }, + { + id: 'CWE-26', + name: "Path Traversal: '/dir/../filename'", + status: 'Draft', + }, + { + id: 'CWE-260', + name: 'Password in Configuration File', + status: 'Incomplete', + }, + { id: 'CWE-261', name: 'Weak Encoding for Password', status: 'Incomplete' 
}, + { id: 'CWE-262', name: 'Not Using Password Aging', status: 'Draft' }, + { + id: 'CWE-263', + name: 'Password Aging with Long Expiration', + status: 'Draft', + }, + { id: 'CWE-266', name: 'Incorrect Privilege Assignment', status: 'Draft' }, + { + id: 'CWE-267', + name: 'Privilege Defined With Unsafe Actions', + status: 'Incomplete', + }, + { id: 'CWE-268', name: 'Privilege Chaining', status: 'Draft' }, + { id: 'CWE-269', name: 'Improper Privilege Management', status: 'Draft' }, + { + id: 'CWE-27', + name: "Path Traversal: 'dir/../../filename'", + status: 'Draft', + }, + { + id: 'CWE-270', + name: 'Privilege Context Switching Error', + status: 'Draft', + }, + { + id: 'CWE-271', + name: 'Privilege Dropping / Lowering Errors', + status: 'Incomplete', + }, + { id: 'CWE-272', name: 'Least Privilege Violation', status: 'Incomplete' }, + { + id: 'CWE-273', + name: 'Improper Check for Dropped Privileges', + status: 'Incomplete', + }, + { + id: 'CWE-274', + name: 'Improper Handling of Insufficient Privileges', + status: 'Draft', + }, + { id: 'CWE-276', name: 'Incorrect Default Permissions', status: 'Draft' }, + { id: 'CWE-277', name: 'Insecure Inherited Permissions', status: 'Draft' }, + { + id: 'CWE-278', + name: 'Insecure Preserved Inherited Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-279', + name: 'Incorrect Execution-Assigned Permissions', + status: 'Draft', + }, + { + id: 'CWE-28', + name: "Path Traversal: '..\\filedir'", + status: 'Incomplete', + }, + { + id: 'CWE-280', + name: 'Improper Handling of Insufficient Permissions or Privileges ', + status: 'Draft', + }, + { + id: 'CWE-281', + name: 'Improper Preservation of Permissions', + status: 'Draft', + }, + { id: 'CWE-282', name: 'Improper Ownership Management', status: 'Draft' }, + { id: 'CWE-283', name: 'Unverified Ownership', status: 'Draft' }, + { id: 'CWE-284', name: 'Improper Access Control', status: 'Incomplete' }, + { id: 'CWE-285', name: 'Improper Authorization', status: 'Draft' }, + { id: 
'CWE-286', name: 'Incorrect User Management', status: 'Incomplete' }, + { id: 'CWE-287', name: 'Improper Authentication', status: 'Draft' }, + { + id: 'CWE-288', + name: 'Authentication Bypass Using an Alternate Path or Channel', + status: 'Incomplete', + }, + { + id: 'CWE-289', + name: 'Authentication Bypass by Alternate Name', + status: 'Incomplete', + }, + { + id: 'CWE-29', + name: "Path Traversal: '\\..\\filename'", + status: 'Incomplete', + }, + { + id: 'CWE-290', + name: 'Authentication Bypass by Spoofing', + status: 'Incomplete', + }, + { + id: 'CWE-291', + name: 'Reliance on IP Address for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-292', + name: 'DEPRECATED: Trusting Self-reported DNS Name', + status: 'Deprecated', + }, + { + id: 'CWE-293', + name: 'Using Referer Field for Authentication', + status: 'Draft', + }, + { + id: 'CWE-294', + name: 'Authentication Bypass by Capture-replay', + status: 'Incomplete', + }, + { id: 'CWE-295', name: 'Improper Certificate Validation', status: 'Draft' }, + { + id: 'CWE-296', + name: "Improper Following of a Certificate's Chain of Trust", + status: 'Draft', + }, + { + id: 'CWE-297', + name: 'Improper Validation of Certificate with Host Mismatch', + status: 'Incomplete', + }, + { + id: 'CWE-298', + name: 'Improper Validation of Certificate Expiration', + status: 'Draft', + }, + { + id: 'CWE-299', + name: 'Improper Check for Certificate Revocation', + status: 'Draft', + }, + { + id: 'CWE-30', + name: "Path Traversal: '\\dir\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-300', + name: 'Channel Accessible by Non-Endpoint', + status: 'Draft', + }, + { + id: 'CWE-301', + name: 'Reflection Attack in an Authentication Protocol', + status: 'Draft', + }, + { + id: 'CWE-302', + name: 'Authentication Bypass by Assumed-Immutable Data', + status: 'Incomplete', + }, + { + id: 'CWE-303', + name: 'Incorrect Implementation of Authentication Algorithm', + status: 'Draft', + }, + { + id: 'CWE-304', + name: 'Missing 
Critical Step in Authentication', + status: 'Draft', + }, + { + id: 'CWE-305', + name: 'Authentication Bypass by Primary Weakness', + status: 'Draft', + }, + { + id: 'CWE-306', + name: 'Missing Authentication for Critical Function', + status: 'Draft', + }, + { + id: 'CWE-307', + name: 'Improper Restriction of Excessive Authentication Attempts', + status: 'Draft', + }, + { + id: 'CWE-308', + name: 'Use of Single-factor Authentication', + status: 'Draft', + }, + { + id: 'CWE-309', + name: 'Use of Password System for Primary Authentication', + status: 'Draft', + }, + { + id: 'CWE-31', + name: "Path Traversal: 'dir\\..\\..\\filename'", + status: 'Draft', + }, + { + id: 'CWE-311', + name: 'Missing Encryption of Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-312', + name: 'Cleartext Storage of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-313', + name: 'Cleartext Storage in a File or on Disk', + status: 'Draft', + }, + { + id: 'CWE-314', + name: 'Cleartext Storage in the Registry', + status: 'Draft', + }, + { + id: 'CWE-315', + name: 'Cleartext Storage of Sensitive Information in a Cookie', + status: 'Draft', + }, + { + id: 'CWE-316', + name: 'Cleartext Storage of Sensitive Information in Memory', + status: 'Draft', + }, + { + id: 'CWE-317', + name: 'Cleartext Storage of Sensitive Information in GUI', + status: 'Draft', + }, + { + id: 'CWE-318', + name: 'Cleartext Storage of Sensitive Information in Executable', + status: 'Draft', + }, + { + id: 'CWE-319', + name: 'Cleartext Transmission of Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-32', + name: "Path Traversal: '...' 
(Triple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-321', + name: 'Use of Hard-coded Cryptographic Key', + status: 'Draft', + }, + { + id: 'CWE-322', + name: 'Key Exchange without Entity Authentication', + status: 'Draft', + }, + { + id: 'CWE-323', + name: 'Reusing a Nonce, Key Pair in Encryption', + status: 'Incomplete', + }, + { + id: 'CWE-324', + name: 'Use of a Key Past its Expiration Date', + status: 'Draft', + }, + { id: 'CWE-325', name: 'Missing Cryptographic Step', status: 'Draft' }, + { id: 'CWE-326', name: 'Inadequate Encryption Strength', status: 'Draft' }, + { + id: 'CWE-327', + name: 'Use of a Broken or Risky Cryptographic Algorithm', + status: 'Draft', + }, + { id: 'CWE-328', name: 'Use of Weak Hash', status: 'Draft' }, + { + id: 'CWE-329', + name: 'Generation of Predictable IV with CBC Mode', + status: 'Draft', + }, + { + id: 'CWE-33', + name: "Path Traversal: '....' (Multiple Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-330', + name: 'Use of Insufficiently Random Values', + status: 'Stable', + }, + { id: 'CWE-331', name: 'Insufficient Entropy', status: 'Draft' }, + { id: 'CWE-332', name: 'Insufficient Entropy in PRNG', status: 'Draft' }, + { + id: 'CWE-333', + name: 'Improper Handling of Insufficient Entropy in TRNG', + status: 'Draft', + }, + { id: 'CWE-334', name: 'Small Space of Random Values', status: 'Draft' }, + { + id: 'CWE-335', + name: 'Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-336', + name: 'Same Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-337', + name: 'Predictable Seed in Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { + id: 'CWE-338', + name: 'Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)', + status: 'Draft', + }, + { id: 'CWE-339', name: 'Small Seed Space in PRNG', status: 'Draft' }, + { id: 'CWE-34', name: "Path Traversal: '....//'", status: 'Incomplete' }, + { + id: 
'CWE-340', + name: 'Generation of Predictable Numbers or Identifiers', + status: 'Incomplete', + }, + { + id: 'CWE-341', + name: 'Predictable from Observable State', + status: 'Draft', + }, + { + id: 'CWE-342', + name: 'Predictable Exact Value from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-343', + name: 'Predictable Value Range from Previous Values', + status: 'Draft', + }, + { + id: 'CWE-344', + name: 'Use of Invariant Value in Dynamically Changing Context', + status: 'Draft', + }, + { + id: 'CWE-345', + name: 'Insufficient Verification of Data Authenticity', + status: 'Draft', + }, + { id: 'CWE-346', name: 'Origin Validation Error', status: 'Draft' }, + { + id: 'CWE-347', + name: 'Improper Verification of Cryptographic Signature', + status: 'Draft', + }, + { id: 'CWE-348', name: 'Use of Less Trusted Source', status: 'Draft' }, + { + id: 'CWE-349', + name: 'Acceptance of Extraneous Untrusted Data With Trusted Data', + status: 'Draft', + }, + { id: 'CWE-35', name: "Path Traversal: '.../...//'", status: 'Incomplete' }, + { + id: 'CWE-350', + name: 'Reliance on Reverse DNS Resolution for a Security-Critical Action', + status: 'Draft', + }, + { id: 'CWE-351', name: 'Insufficient Type Distinction', status: 'Draft' }, + { + id: 'CWE-352', + name: 'Cross-Site Request Forgery (CSRF)', + status: 'Stable', + }, + { + id: 'CWE-353', + name: 'Missing Support for Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-354', + name: 'Improper Validation of Integrity Check Value', + status: 'Draft', + }, + { + id: 'CWE-356', + name: 'Product UI does not Warn User of Unsafe Actions', + status: 'Incomplete', + }, + { + id: 'CWE-357', + name: 'Insufficient UI Warning of Dangerous Operations', + status: 'Draft', + }, + { + id: 'CWE-358', + name: 'Improperly Implemented Security Check for Standard', + status: 'Draft', + }, + { + id: 'CWE-359', + name: 'Exposure of Private Personal Information to an Unauthorized Actor', + status: 'Incomplete', + }, + { id: 'CWE-36', 
name: 'Absolute Path Traversal', status: 'Draft' }, + { id: 'CWE-360', name: 'Trust of System Event Data', status: 'Incomplete' }, + { + id: 'CWE-362', + name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + status: 'Draft', + }, + { + id: 'CWE-363', + name: 'Race Condition Enabling Link Following', + status: 'Draft', + }, + { + id: 'CWE-364', + name: 'Signal Handler Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-365', + name: 'DEPRECATED: Race Condition in Switch', + status: 'Deprecated', + }, + { id: 'CWE-366', name: 'Race Condition within a Thread', status: 'Draft' }, + { + id: 'CWE-367', + name: 'Time-of-check Time-of-use (TOCTOU) Race Condition', + status: 'Incomplete', + }, + { + id: 'CWE-368', + name: 'Context Switching Race Condition', + status: 'Draft', + }, + { id: 'CWE-369', name: 'Divide By Zero', status: 'Draft' }, + { + id: 'CWE-37', + name: "Path Traversal: '/absolute/pathname/here'", + status: 'Draft', + }, + { + id: 'CWE-370', + name: 'Missing Check for Certificate Revocation after Initial Check', + status: 'Draft', + }, + { + id: 'CWE-372', + name: 'Incomplete Internal State Distinction', + status: 'Draft', + }, + { + id: 'CWE-373', + name: 'DEPRECATED: State Synchronization Error', + status: 'Deprecated', + }, + { + id: 'CWE-374', + name: 'Passing Mutable Objects to an Untrusted Method', + status: 'Draft', + }, + { + id: 'CWE-375', + name: 'Returning a Mutable Object to an Untrusted Caller', + status: 'Draft', + }, + { id: 'CWE-377', name: 'Insecure Temporary File', status: 'Incomplete' }, + { + id: 'CWE-378', + name: 'Creation of Temporary File With Insecure Permissions', + status: 'Draft', + }, + { + id: 'CWE-379', + name: 'Creation of Temporary File in Directory with Insecure Permissions', + status: 'Incomplete', + }, + { + id: 'CWE-38', + name: "Path Traversal: '\\absolute\\pathname\\here'", + status: 'Draft', + }, + { + id: 'CWE-382', + name: 'J2EE Bad Practices: Use of 
System.exit()', + status: 'Draft', + }, + { + id: 'CWE-383', + name: 'J2EE Bad Practices: Direct Use of Threads', + status: 'Draft', + }, + { id: 'CWE-384', name: 'Session Fixation', status: 'Incomplete' }, + { id: 'CWE-385', name: 'Covert Timing Channel', status: 'Incomplete' }, + { + id: 'CWE-386', + name: 'Symbolic Name not Mapping to Correct Object', + status: 'Draft', + }, + { id: 'CWE-39', name: "Path Traversal: 'C:dirname'", status: 'Draft' }, + { + id: 'CWE-390', + name: 'Detection of Error Condition Without Action', + status: 'Draft', + }, + { id: 'CWE-391', name: 'Unchecked Error Condition', status: 'Incomplete' }, + { + id: 'CWE-392', + name: 'Missing Report of Error Condition', + status: 'Draft', + }, + { id: 'CWE-393', name: 'Return of Wrong Status Code', status: 'Draft' }, + { + id: 'CWE-394', + name: 'Unexpected Status Code or Return Value', + status: 'Draft', + }, + { + id: 'CWE-395', + name: 'Use of NullPointerException Catch to Detect NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-396', + name: 'Declaration of Catch for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-397', + name: 'Declaration of Throws for Generic Exception', + status: 'Draft', + }, + { + id: 'CWE-40', + name: "Path Traversal: '\\\\UNC\\share\\name\\' (Windows UNC Share)", + status: 'Draft', + }, + { + id: 'CWE-400', + name: 'Uncontrolled Resource Consumption', + status: 'Draft', + }, + { + id: 'CWE-401', + name: 'Missing Release of Memory after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-402', + name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", + status: 'Draft', + }, + { + id: 'CWE-403', + name: "Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')", + status: 'Draft', + }, + { + id: 'CWE-404', + name: 'Improper Resource Shutdown or Release', + status: 'Draft', + }, + { + id: 'CWE-405', + name: 'Asymmetric Resource Consumption (Amplification)', + status: 'Incomplete', + }, + 
{ + id: 'CWE-406', + name: 'Insufficient Control of Network Message Volume (Network Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-407', + name: 'Inefficient Algorithmic Complexity', + status: 'Incomplete', + }, + { + id: 'CWE-408', + name: 'Incorrect Behavior Order: Early Amplification', + status: 'Draft', + }, + { + id: 'CWE-409', + name: 'Improper Handling of Highly Compressed Data (Data Amplification)', + status: 'Incomplete', + }, + { + id: 'CWE-41', + name: 'Improper Resolution of Path Equivalence', + status: 'Incomplete', + }, + { id: 'CWE-410', name: 'Insufficient Resource Pool', status: 'Incomplete' }, + { + id: 'CWE-412', + name: 'Unrestricted Externally Accessible Lock', + status: 'Incomplete', + }, + { id: 'CWE-413', name: 'Improper Resource Locking', status: 'Draft' }, + { id: 'CWE-414', name: 'Missing Lock Check', status: 'Draft' }, + { id: 'CWE-415', name: 'Double Free', status: 'Draft' }, + { id: 'CWE-416', name: 'Use After Free', status: 'Stable' }, + { id: 'CWE-419', name: 'Unprotected Primary Channel', status: 'Draft' }, + { + id: 'CWE-42', + name: "Path Equivalence: 'filename.' 
(Trailing Dot)", + status: 'Incomplete', + }, + { id: 'CWE-420', name: 'Unprotected Alternate Channel', status: 'Draft' }, + { + id: 'CWE-421', + name: 'Race Condition During Access to Alternate Channel', + status: 'Draft', + }, + { + id: 'CWE-422', + name: "Unprotected Windows Messaging Channel ('Shatter')", + status: 'Draft', + }, + { + id: 'CWE-423', + name: 'DEPRECATED: Proxied Trusted Channel', + status: 'Deprecated', + }, + { + id: 'CWE-424', + name: 'Improper Protection of Alternate Path', + status: 'Draft', + }, + { + id: 'CWE-425', + name: "Direct Request ('Forced Browsing')", + status: 'Incomplete', + }, + { id: 'CWE-426', name: 'Untrusted Search Path', status: 'Stable' }, + { + id: 'CWE-427', + name: 'Uncontrolled Search Path Element', + status: 'Draft', + }, + { id: 'CWE-428', name: 'Unquoted Search Path or Element', status: 'Draft' }, + { + id: 'CWE-43', + name: "Path Equivalence: 'filename....' (Multiple Trailing Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-430', + name: 'Deployment of Wrong Handler', + status: 'Incomplete', + }, + { id: 'CWE-431', name: 'Missing Handler', status: 'Draft' }, + { + id: 'CWE-432', + name: 'Dangerous Signal Handler not Disabled During Sensitive Operations', + status: 'Draft', + }, + { + id: 'CWE-433', + name: 'Unparsed Raw Web Content Delivery', + status: 'Incomplete', + }, + { + id: 'CWE-434', + name: 'Unrestricted Upload of File with Dangerous Type', + status: 'Draft', + }, + { + id: 'CWE-435', + name: 'Improper Interaction Between Multiple Correctly-Behaving Entities', + status: 'Draft', + }, + { id: 'CWE-436', name: 'Interpretation Conflict', status: 'Incomplete' }, + { + id: 'CWE-437', + name: 'Incomplete Model of Endpoint Features', + status: 'Incomplete', + }, + { + id: 'CWE-439', + name: 'Behavioral Change in New Version or Environment', + status: 'Draft', + }, + { + id: 'CWE-44', + name: "Path Equivalence: 'file.name' (Internal Dot)", + status: 'Incomplete', + }, + { id: 'CWE-440', name: 'Expected Behavior 
Violation', status: 'Draft' }, + { + id: 'CWE-441', + name: "Unintended Proxy or Intermediary ('Confused Deputy')", + status: 'Draft', + }, + { + id: 'CWE-443', + name: 'DEPRECATED: HTTP response splitting', + status: 'Deprecated', + }, + { + id: 'CWE-444', + name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + status: 'Incomplete', + }, + { + id: 'CWE-446', + name: 'UI Discrepancy for Security Feature', + status: 'Incomplete', + }, + { + id: 'CWE-447', + name: 'Unimplemented or Unsupported Feature in UI', + status: 'Draft', + }, + { id: 'CWE-448', name: 'Obsolete Feature in UI', status: 'Draft' }, + { + id: 'CWE-449', + name: 'The UI Performs the Wrong Action', + status: 'Incomplete', + }, + { + id: 'CWE-45', + name: "Path Equivalence: 'file...name' (Multiple Internal Dot)", + status: 'Incomplete', + }, + { + id: 'CWE-450', + name: 'Multiple Interpretations of UI Input', + status: 'Draft', + }, + { + id: 'CWE-451', + name: 'User Interface (UI) Misrepresentation of Critical Information', + status: 'Draft', + }, + { + id: 'CWE-453', + name: 'Insecure Default Variable Initialization', + status: 'Draft', + }, + { + id: 'CWE-454', + name: 'External Initialization of Trusted Variables or Data Stores', + status: 'Draft', + }, + { + id: 'CWE-455', + name: 'Non-exit on Failed Initialization', + status: 'Draft', + }, + { + id: 'CWE-456', + name: 'Missing Initialization of a Variable', + status: 'Draft', + }, + { id: 'CWE-457', name: 'Use of Uninitialized Variable', status: 'Draft' }, + { + id: 'CWE-458', + name: 'DEPRECATED: Incorrect Initialization', + status: 'Deprecated', + }, + { id: 'CWE-459', name: 'Incomplete Cleanup', status: 'Draft' }, + { + id: 'CWE-46', + name: "Path Equivalence: 'filename ' (Trailing Space)", + status: 'Incomplete', + }, + { + id: 'CWE-460', + name: 'Improper Cleanup on Thrown Exception', + status: 'Draft', + }, + { + id: 'CWE-462', + name: 'Duplicate Key in Associative List (Alist)', + status: 
'Incomplete', + }, + { + id: 'CWE-463', + name: 'Deletion of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-464', + name: 'Addition of Data Structure Sentinel', + status: 'Incomplete', + }, + { + id: 'CWE-466', + name: 'Return of Pointer Value Outside of Expected Range', + status: 'Draft', + }, + { + id: 'CWE-467', + name: 'Use of sizeof() on a Pointer Type', + status: 'Draft', + }, + { id: 'CWE-468', name: 'Incorrect Pointer Scaling', status: 'Incomplete' }, + { + id: 'CWE-469', + name: 'Use of Pointer Subtraction to Determine Size', + status: 'Draft', + }, + { + id: 'CWE-47', + name: "Path Equivalence: ' filename' (Leading Space)", + status: 'Incomplete', + }, + { + id: 'CWE-470', + name: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", + status: 'Draft', + }, + { + id: 'CWE-471', + name: 'Modification of Assumed-Immutable Data (MAID)', + status: 'Draft', + }, + { + id: 'CWE-472', + name: 'External Control of Assumed-Immutable Web Parameter', + status: 'Draft', + }, + { + id: 'CWE-473', + name: 'PHP External Variable Modification', + status: 'Draft', + }, + { + id: 'CWE-474', + name: 'Use of Function with Inconsistent Implementations', + status: 'Draft', + }, + { + id: 'CWE-475', + name: 'Undefined Behavior for Input to API', + status: 'Incomplete', + }, + { id: 'CWE-476', name: 'NULL Pointer Dereference', status: 'Stable' }, + { id: 'CWE-477', name: 'Use of Obsolete Function', status: 'Draft' }, + { + id: 'CWE-478', + name: 'Missing Default Case in Multiple Condition Expression', + status: 'Draft', + }, + { + id: 'CWE-479', + name: 'Signal Handler Use of a Non-reentrant Function', + status: 'Draft', + }, + { + id: 'CWE-48', + name: "Path Equivalence: 'file name' (Internal Whitespace)", + status: 'Incomplete', + }, + { id: 'CWE-480', name: 'Use of Incorrect Operator', status: 'Draft' }, + { id: 'CWE-481', name: 'Assigning instead of Comparing', status: 'Draft' }, + { id: 'CWE-482', name: 'Comparing 
instead of Assigning', status: 'Draft' }, + { id: 'CWE-483', name: 'Incorrect Block Delimitation', status: 'Draft' }, + { + id: 'CWE-484', + name: 'Omitted Break Statement in Switch', + status: 'Draft', + }, + { id: 'CWE-486', name: 'Comparison of Classes by Name', status: 'Draft' }, + { + id: 'CWE-487', + name: 'Reliance on Package-level Scope', + status: 'Incomplete', + }, + { + id: 'CWE-488', + name: 'Exposure of Data Element to Wrong Session', + status: 'Draft', + }, + { id: 'CWE-489', name: 'Active Debug Code', status: 'Draft' }, + { + id: 'CWE-49', + name: "Path Equivalence: 'filename/' (Trailing Slash)", + status: 'Incomplete', + }, + { + id: 'CWE-491', + name: "Public cloneable() Method Without Final ('Object Hijack')", + status: 'Draft', + }, + { + id: 'CWE-492', + name: 'Use of Inner Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-493', + name: 'Critical Public Variable Without Final Modifier', + status: 'Draft', + }, + { + id: 'CWE-494', + name: 'Download of Code Without Integrity Check', + status: 'Draft', + }, + { + id: 'CWE-495', + name: 'Private Data Structure Returned From A Public Method', + status: 'Draft', + }, + { + id: 'CWE-496', + name: 'Public Data Assigned to Private Array-Typed Field', + status: 'Incomplete', + }, + { + id: 'CWE-497', + name: 'Exposure of Sensitive System Information to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-498', + name: 'Cloneable Class Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-499', + name: 'Serializable Class Containing Sensitive Data', + status: 'Draft', + }, + { + id: 'CWE-5', + name: 'J2EE Misconfiguration: Data Transmission Without Encryption', + status: 'Draft', + }, + { + id: 'CWE-50', + name: "Path Equivalence: '//multiple/leading/slash'", + status: 'Incomplete', + }, + { + id: 'CWE-500', + name: 'Public Static Field Not Marked Final', + status: 'Draft', + }, + { id: 'CWE-501', name: 'Trust Boundary Violation', status: 
'Draft' }, + { + id: 'CWE-502', + name: 'Deserialization of Untrusted Data', + status: 'Draft', + }, + { id: 'CWE-506', name: 'Embedded Malicious Code', status: 'Incomplete' }, + { id: 'CWE-507', name: 'Trojan Horse', status: 'Incomplete' }, + { + id: 'CWE-508', + name: 'Non-Replicating Malicious Code', + status: 'Incomplete', + }, + { + id: 'CWE-509', + name: 'Replicating Malicious Code (Virus or Worm)', + status: 'Incomplete', + }, + { + id: 'CWE-51', + name: "Path Equivalence: '/multiple//internal/slash'", + status: 'Incomplete', + }, + { id: 'CWE-510', name: 'Trapdoor', status: 'Incomplete' }, + { id: 'CWE-511', name: 'Logic/Time Bomb', status: 'Incomplete' }, + { id: 'CWE-512', name: 'Spyware', status: 'Incomplete' }, + { id: 'CWE-514', name: 'Covert Channel', status: 'Incomplete' }, + { id: 'CWE-515', name: 'Covert Storage Channel', status: 'Incomplete' }, + { + id: 'CWE-516', + name: 'DEPRECATED: Covert Timing Channel', + status: 'Deprecated', + }, + { + id: 'CWE-52', + name: "Path Equivalence: '/multiple/trailing/slash//'", + status: 'Incomplete', + }, + { + id: 'CWE-520', + name: '.NET Misconfiguration: Use of Impersonation', + status: 'Incomplete', + }, + { id: 'CWE-521', name: 'Weak Password Requirements', status: 'Draft' }, + { + id: 'CWE-522', + name: 'Insufficiently Protected Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-523', + name: 'Unprotected Transport of Credentials', + status: 'Incomplete', + }, + { + id: 'CWE-524', + name: 'Use of Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-525', + name: 'Use of Web Browser Cache Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-526', + name: 'Exposure of Sensitive Information Through Environmental Variables', + status: 'Incomplete', + }, + { + id: 'CWE-527', + name: 'Exposure of Version-Control Repository to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-528', + name: 'Exposure of Core Dump File to 
an Unauthorized Control Sphere', + status: 'Draft', + }, + { + id: 'CWE-529', + name: 'Exposure of Access Control List Files to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-53', + name: "Path Equivalence: '\\multiple\\\\internal\\backslash'", + status: 'Incomplete', + }, + { + id: 'CWE-530', + name: 'Exposure of Backup File to an Unauthorized Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-531', + name: 'Inclusion of Sensitive Information in Test Code', + status: 'Incomplete', + }, + { + id: 'CWE-532', + name: 'Insertion of Sensitive Information into Log File', + status: 'Incomplete', + }, + { + id: 'CWE-533', + name: 'DEPRECATED: Information Exposure Through Server Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-534', + name: 'DEPRECATED: Information Exposure Through Debug Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-535', + name: 'Exposure of Information Through Shell Error Message', + status: 'Incomplete', + }, + { + id: 'CWE-536', + name: 'Servlet Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-537', + name: 'Java Runtime Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-538', + name: 'Insertion of Sensitive Information into Externally-Accessible File or Directory', + status: 'Draft', + }, + { + id: 'CWE-539', + name: 'Use of Persistent Cookies Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-54', + name: "Path Equivalence: 'filedir\\' (Trailing Backslash)", + status: 'Incomplete', + }, + { + id: 'CWE-540', + name: 'Inclusion of Sensitive Information in Source Code', + status: 'Incomplete', + }, + { + id: 'CWE-541', + name: 'Inclusion of Sensitive Information in an Include File', + status: 'Incomplete', + }, + { + id: 'CWE-542', + name: 'DEPRECATED: Information Exposure Through Cleanup Log Files', + status: 'Deprecated', + }, + { + id: 'CWE-543', + name: 'Use of Singleton 
Pattern Without Synchronization in a Multithreaded Context', + status: 'Incomplete', + }, + { + id: 'CWE-544', + name: 'Missing Standardized Error Handling Mechanism', + status: 'Draft', + }, + { + id: 'CWE-545', + name: 'DEPRECATED: Use of Dynamic Class Loading', + status: 'Deprecated', + }, + { id: 'CWE-546', name: 'Suspicious Comment', status: 'Draft' }, + { + id: 'CWE-547', + name: 'Use of Hard-coded, Security-relevant Constants', + status: 'Draft', + }, + { + id: 'CWE-548', + name: 'Exposure of Information Through Directory Listing', + status: 'Draft', + }, + { id: 'CWE-549', name: 'Missing Password Field Masking', status: 'Draft' }, + { + id: 'CWE-55', + name: "Path Equivalence: '/./' (Single Dot Directory)", + status: 'Incomplete', + }, + { + id: 'CWE-550', + name: 'Server-generated Error Message Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-551', + name: 'Incorrect Behavior Order: Authorization Before Parsing and Canonicalization', + status: 'Incomplete', + }, + { + id: 'CWE-552', + name: 'Files or Directories Accessible to External Parties', + status: 'Draft', + }, + { + id: 'CWE-553', + name: 'Command Shell in Externally Accessible Directory', + status: 'Incomplete', + }, + { + id: 'CWE-554', + name: 'ASP.NET Misconfiguration: Not Using Input Validation Framework', + status: 'Draft', + }, + { + id: 'CWE-555', + name: 'J2EE Misconfiguration: Plaintext Password in Configuration File', + status: 'Draft', + }, + { + id: 'CWE-556', + name: 'ASP.NET Misconfiguration: Use of Identity Impersonation', + status: 'Incomplete', + }, + { + id: 'CWE-558', + name: 'Use of getlogin() in Multithreaded Application', + status: 'Draft', + }, + { + id: 'CWE-56', + name: "Path Equivalence: 'filedir*' (Wildcard)", + status: 'Incomplete', + }, + { + id: 'CWE-560', + name: 'Use of umask() with chmod-style Argument', + status: 'Draft', + }, + { id: 'CWE-561', name: 'Dead Code', status: 'Draft' }, + { + id: 'CWE-562', + name: 'Return of Stack 
Variable Address', + status: 'Draft', + }, + { + id: 'CWE-563', + name: 'Assignment to Variable without Use', + status: 'Draft', + }, + { id: 'CWE-564', name: 'SQL Injection: Hibernate', status: 'Incomplete' }, + { + id: 'CWE-565', + name: 'Reliance on Cookies without Validation and Integrity Checking', + status: 'Incomplete', + }, + { + id: 'CWE-566', + name: 'Authorization Bypass Through User-Controlled SQL Primary Key', + status: 'Incomplete', + }, + { + id: 'CWE-567', + name: 'Unsynchronized Access to Shared Data in a Multithreaded Context', + status: 'Draft', + }, + { + id: 'CWE-568', + name: 'finalize() Method Without super.finalize()', + status: 'Draft', + }, + { + id: 'CWE-57', + name: "Path Equivalence: 'fakedir/../realdir/filename'", + status: 'Incomplete', + }, + { id: 'CWE-570', name: 'Expression is Always False', status: 'Draft' }, + { id: 'CWE-571', name: 'Expression is Always True', status: 'Draft' }, + { + id: 'CWE-572', + name: 'Call to Thread run() instead of start()', + status: 'Draft', + }, + { + id: 'CWE-573', + name: 'Improper Following of Specification by Caller', + status: 'Draft', + }, + { + id: 'CWE-574', + name: 'EJB Bad Practices: Use of Synchronization Primitives', + status: 'Draft', + }, + { + id: 'CWE-575', + name: 'EJB Bad Practices: Use of AWT Swing', + status: 'Draft', + }, + { + id: 'CWE-576', + name: 'EJB Bad Practices: Use of Java I/O', + status: 'Draft', + }, + { + id: 'CWE-577', + name: 'EJB Bad Practices: Use of Sockets', + status: 'Draft', + }, + { + id: 'CWE-578', + name: 'EJB Bad Practices: Use of Class Loader', + status: 'Draft', + }, + { + id: 'CWE-579', + name: 'J2EE Bad Practices: Non-serializable Object Stored in Session', + status: 'Draft', + }, + { + id: 'CWE-58', + name: 'Path Equivalence: Windows 8.3 Filename', + status: 'Incomplete', + }, + { + id: 'CWE-580', + name: 'clone() Method Without super.clone()', + status: 'Draft', + }, + { + id: 'CWE-581', + name: 'Object Model Violation: Just One of Equals and 
Hashcode Defined', + status: 'Draft', + }, + { + id: 'CWE-582', + name: 'Array Declared Public, Final, and Static', + status: 'Draft', + }, + { + id: 'CWE-583', + name: 'finalize() Method Declared Public', + status: 'Incomplete', + }, + { id: 'CWE-584', name: 'Return Inside Finally Block', status: 'Draft' }, + { id: 'CWE-585', name: 'Empty Synchronized Block', status: 'Draft' }, + { id: 'CWE-586', name: 'Explicit Call to Finalize()', status: 'Draft' }, + { + id: 'CWE-587', + name: 'Assignment of a Fixed Address to a Pointer', + status: 'Draft', + }, + { + id: 'CWE-588', + name: 'Attempt to Access Child of a Non-structure Pointer', + status: 'Incomplete', + }, + { id: 'CWE-589', name: 'Call to Non-ubiquitous API', status: 'Incomplete' }, + { + id: 'CWE-59', + name: "Improper Link Resolution Before File Access ('Link Following')", + status: 'Draft', + }, + { + id: 'CWE-590', + name: 'Free of Memory not on the Heap', + status: 'Incomplete', + }, + { + id: 'CWE-591', + name: 'Sensitive Data Storage in Improperly Locked Memory', + status: 'Draft', + }, + { + id: 'CWE-592', + name: 'DEPRECATED: Authentication Bypass Issues', + status: 'Deprecated', + }, + { + id: 'CWE-593', + name: 'Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created', + status: 'Draft', + }, + { + id: 'CWE-594', + name: 'J2EE Framework: Saving Unserializable Objects to Disk', + status: 'Incomplete', + }, + { + id: 'CWE-595', + name: 'Comparison of Object References Instead of Object Contents', + status: 'Incomplete', + }, + { + id: 'CWE-596', + name: 'DEPRECATED: Incorrect Semantic Object Comparison', + status: 'Deprecated', + }, + { + id: 'CWE-597', + name: 'Use of Wrong Operator in String Comparison', + status: 'Draft', + }, + { + id: 'CWE-598', + name: 'Use of GET Request Method With Sensitive Query Strings', + status: 'Draft', + }, + { + id: 'CWE-599', + name: 'Missing Validation of OpenSSL Certificate', + status: 'Incomplete', + }, + { + id: 'CWE-6', + name: 'J2EE 
Misconfiguration: Insufficient Session-ID Length', + status: 'Incomplete', + }, + { id: 'CWE-600', name: 'Uncaught Exception in Servlet ', status: 'Draft' }, + { + id: 'CWE-601', + name: "URL Redirection to Untrusted Site ('Open Redirect')", + status: 'Draft', + }, + { + id: 'CWE-602', + name: 'Client-Side Enforcement of Server-Side Security', + status: 'Draft', + }, + { + id: 'CWE-603', + name: 'Use of Client-Side Authentication', + status: 'Draft', + }, + { id: 'CWE-605', name: 'Multiple Binds to the Same Port', status: 'Draft' }, + { + id: 'CWE-606', + name: 'Unchecked Input for Loop Condition', + status: 'Draft', + }, + { + id: 'CWE-607', + name: 'Public Static Final Field References Mutable Object', + status: 'Draft', + }, + { + id: 'CWE-608', + name: 'Struts: Non-private Field in ActionForm Class', + status: 'Draft', + }, + { id: 'CWE-609', name: 'Double-Checked Locking', status: 'Draft' }, + { + id: 'CWE-61', + name: 'UNIX Symbolic Link (Symlink) Following', + status: 'Incomplete', + }, + { + id: 'CWE-610', + name: 'Externally Controlled Reference to a Resource in Another Sphere', + status: 'Draft', + }, + { + id: 'CWE-611', + name: 'Improper Restriction of XML External Entity Reference', + status: 'Draft', + }, + { + id: 'CWE-612', + name: 'Improper Authorization of Index Containing Sensitive Information', + status: 'Draft', + }, + { + id: 'CWE-613', + name: 'Insufficient Session Expiration', + status: 'Incomplete', + }, + { + id: 'CWE-614', + name: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", + status: 'Draft', + }, + { + id: 'CWE-615', + name: 'Inclusion of Sensitive Information in Source Code Comments', + status: 'Incomplete', + }, + { + id: 'CWE-616', + name: 'Incomplete Identification of Uploaded File Variables (PHP)', + status: 'Incomplete', + }, + { id: 'CWE-617', name: 'Reachable Assertion', status: 'Draft' }, + { + id: 'CWE-618', + name: 'Exposed Unsafe ActiveX Method', + status: 'Incomplete', + }, + { + id: 'CWE-619', + name: 
"Dangling Database Cursor ('Cursor Injection')", + status: 'Incomplete', + }, + { id: 'CWE-62', name: 'UNIX Hard Link', status: 'Incomplete' }, + { id: 'CWE-620', name: 'Unverified Password Change', status: 'Draft' }, + { id: 'CWE-621', name: 'Variable Extraction Error', status: 'Incomplete' }, + { + id: 'CWE-622', + name: 'Improper Validation of Function Hook Arguments', + status: 'Draft', + }, + { + id: 'CWE-623', + name: 'Unsafe ActiveX Control Marked Safe For Scripting', + status: 'Draft', + }, + { + id: 'CWE-624', + name: 'Executable Regular Expression Error', + status: 'Incomplete', + }, + { id: 'CWE-625', name: 'Permissive Regular Expression', status: 'Draft' }, + { + id: 'CWE-626', + name: 'Null Byte Interaction Error (Poison Null Byte)', + status: 'Draft', + }, + { + id: 'CWE-627', + name: 'Dynamic Variable Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-628', + name: 'Function Call with Incorrectly Specified Arguments', + status: 'Draft', + }, + { + id: 'CWE-636', + name: "Not Failing Securely ('Failing Open')", + status: 'Draft', + }, + { + id: 'CWE-637', + name: "Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')", + status: 'Draft', + }, + { id: 'CWE-638', name: 'Not Using Complete Mediation', status: 'Draft' }, + { + id: 'CWE-639', + name: 'Authorization Bypass Through User-Controlled Key', + status: 'Incomplete', + }, + { + id: 'CWE-64', + name: 'Windows Shortcut Following (.LNK)', + status: 'Incomplete', + }, + { + id: 'CWE-640', + name: 'Weak Password Recovery Mechanism for Forgotten Password', + status: 'Incomplete', + }, + { + id: 'CWE-641', + name: 'Improper Restriction of Names for Files and Other Resources', + status: 'Incomplete', + }, + { + id: 'CWE-642', + name: 'External Control of Critical State Data', + status: 'Draft', + }, + { + id: 'CWE-643', + name: "Improper Neutralization of Data within XPath Expressions ('XPath Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-644', + name: 'Improper 
Neutralization of HTTP Headers for Scripting Syntax', + status: 'Incomplete', + }, + { + id: 'CWE-645', + name: 'Overly Restrictive Account Lockout Mechanism', + status: 'Incomplete', + }, + { + id: 'CWE-646', + name: 'Reliance on File Name or Extension of Externally-Supplied File', + status: 'Incomplete', + }, + { + id: 'CWE-647', + name: 'Use of Non-Canonical URL Paths for Authorization Decisions', + status: 'Incomplete', + }, + { + id: 'CWE-648', + name: 'Incorrect Use of Privileged APIs', + status: 'Incomplete', + }, + { + id: 'CWE-649', + name: 'Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking', + status: 'Incomplete', + }, + { id: 'CWE-65', name: 'Windows Hard Link', status: 'Incomplete' }, + { + id: 'CWE-650', + name: 'Trusting HTTP Permission Methods on the Server Side', + status: 'Incomplete', + }, + { + id: 'CWE-651', + name: 'Exposure of WSDL File Containing Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-652', + name: "Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-653', + name: 'Improper Isolation or Compartmentalization', + status: 'Draft', + }, + { + id: 'CWE-654', + name: 'Reliance on a Single Factor in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-655', + name: 'Insufficient Psychological Acceptability', + status: 'Draft', + }, + { + id: 'CWE-656', + name: 'Reliance on Security Through Obscurity', + status: 'Draft', + }, + { + id: 'CWE-657', + name: 'Violation of Secure Design Principles', + status: 'Draft', + }, + { + id: 'CWE-66', + name: 'Improper Handling of File Names that Identify Virtual Resources', + status: 'Draft', + }, + { id: 'CWE-662', name: 'Improper Synchronization', status: 'Draft' }, + { + id: 'CWE-663', + name: 'Use of a Non-reentrant Function in a Concurrent Context', + status: 'Draft', + }, + { + id: 'CWE-664', + name: 'Improper Control of a Resource Through its Lifetime', + 
status: 'Draft', + }, + { id: 'CWE-665', name: 'Improper Initialization', status: 'Draft' }, + { + id: 'CWE-666', + name: 'Operation on Resource in Wrong Phase of Lifetime', + status: 'Draft', + }, + { id: 'CWE-667', name: 'Improper Locking', status: 'Draft' }, + { + id: 'CWE-668', + name: 'Exposure of Resource to Wrong Sphere', + status: 'Draft', + }, + { + id: 'CWE-669', + name: 'Incorrect Resource Transfer Between Spheres', + status: 'Draft', + }, + { + id: 'CWE-67', + name: 'Improper Handling of Windows Device Names', + status: 'Incomplete', + }, + { + id: 'CWE-670', + name: 'Always-Incorrect Control Flow Implementation', + status: 'Draft', + }, + { + id: 'CWE-671', + name: 'Lack of Administrator Control over Security', + status: 'Draft', + }, + { + id: 'CWE-672', + name: 'Operation on a Resource after Expiration or Release', + status: 'Draft', + }, + { + id: 'CWE-673', + name: 'External Influence of Sphere Definition', + status: 'Draft', + }, + { id: 'CWE-674', name: 'Uncontrolled Recursion', status: 'Draft' }, + { + id: 'CWE-675', + name: 'Multiple Operations on Resource in Single-Operation Context', + status: 'Draft', + }, + { + id: 'CWE-676', + name: 'Use of Potentially Dangerous Function', + status: 'Draft', + }, + { + id: 'CWE-680', + name: 'Integer Overflow to Buffer Overflow', + status: 'Draft', + }, + { + id: 'CWE-681', + name: 'Incorrect Conversion between Numeric Types', + status: 'Draft', + }, + { id: 'CWE-682', name: 'Incorrect Calculation', status: 'Draft' }, + { + id: 'CWE-683', + name: 'Function Call With Incorrect Order of Arguments', + status: 'Draft', + }, + { + id: 'CWE-684', + name: 'Incorrect Provision of Specified Functionality', + status: 'Draft', + }, + { + id: 'CWE-685', + name: 'Function Call With Incorrect Number of Arguments', + status: 'Draft', + }, + { + id: 'CWE-686', + name: 'Function Call With Incorrect Argument Type', + status: 'Draft', + }, + { + id: 'CWE-687', + name: 'Function Call With Incorrectly Specified Argument 
Value', + status: 'Draft', + }, + { + id: 'CWE-688', + name: 'Function Call With Incorrect Variable or Reference as Argument', + status: 'Draft', + }, + { + id: 'CWE-689', + name: 'Permission Race Condition During Resource Copy', + status: 'Draft', + }, + { + id: 'CWE-69', + name: 'Improper Handling of Windows ::DATA Alternate Data Stream', + status: 'Incomplete', + }, + { + id: 'CWE-690', + name: 'Unchecked Return Value to NULL Pointer Dereference', + status: 'Draft', + }, + { + id: 'CWE-691', + name: 'Insufficient Control Flow Management', + status: 'Draft', + }, + { + id: 'CWE-692', + name: 'Incomplete Denylist to Cross-Site Scripting', + status: 'Draft', + }, + { id: 'CWE-693', name: 'Protection Mechanism Failure', status: 'Draft' }, + { + id: 'CWE-694', + name: 'Use of Multiple Resources with Duplicate Identifier', + status: 'Incomplete', + }, + { + id: 'CWE-695', + name: 'Use of Low-Level Functionality', + status: 'Incomplete', + }, + { id: 'CWE-696', name: 'Incorrect Behavior Order', status: 'Incomplete' }, + { id: 'CWE-697', name: 'Incorrect Comparison', status: 'Incomplete' }, + { + id: 'CWE-698', + name: 'Execution After Redirect (EAR)', + status: 'Incomplete', + }, + { + id: 'CWE-7', + name: 'J2EE Misconfiguration: Missing Custom Error Page', + status: 'Incomplete', + }, + { + id: 'CWE-703', + name: 'Improper Check or Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-704', + name: 'Incorrect Type Conversion or Cast', + status: 'Incomplete', + }, + { + id: 'CWE-705', + name: 'Incorrect Control Flow Scoping', + status: 'Incomplete', + }, + { + id: 'CWE-706', + name: 'Use of Incorrectly-Resolved Name or Reference', + status: 'Incomplete', + }, + { id: 'CWE-707', name: 'Improper Neutralization', status: 'Incomplete' }, + { + id: 'CWE-708', + name: 'Incorrect Ownership Assignment', + status: 'Incomplete', + }, + { + id: 'CWE-71', + name: "DEPRECATED: Apple '.DS_Store'", + status: 'Deprecated', + }, + { + id: 'CWE-710', + name: 
'Improper Adherence to Coding Standards', + status: 'Incomplete', + }, + { + id: 'CWE-72', + name: 'Improper Handling of Apple HFS+ Alternate Data Stream Path', + status: 'Incomplete', + }, + { + id: 'CWE-73', + name: 'External Control of File Name or Path', + status: 'Draft', + }, + { + id: 'CWE-732', + name: 'Incorrect Permission Assignment for Critical Resource', + status: 'Draft', + }, + { + id: 'CWE-733', + name: 'Compiler Optimization Removal or Modification of Security-critical Code', + status: 'Incomplete', + }, + { + id: 'CWE-74', + name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-749', + name: 'Exposed Dangerous Method or Function', + status: 'Incomplete', + }, + { + id: 'CWE-75', + name: 'Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)', + status: 'Draft', + }, + { + id: 'CWE-754', + name: 'Improper Check for Unusual or Exceptional Conditions', + status: 'Incomplete', + }, + { + id: 'CWE-755', + name: 'Improper Handling of Exceptional Conditions', + status: 'Incomplete', + }, + { id: 'CWE-756', name: 'Missing Custom Error Page', status: 'Incomplete' }, + { + id: 'CWE-757', + name: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", + status: 'Incomplete', + }, + { + id: 'CWE-758', + name: 'Reliance on Undefined, Unspecified, or Implementation-Defined Behavior', + status: 'Incomplete', + }, + { + id: 'CWE-759', + name: 'Use of a One-Way Hash without a Salt', + status: 'Incomplete', + }, + { + id: 'CWE-76', + name: 'Improper Neutralization of Equivalent Special Elements', + status: 'Draft', + }, + { + id: 'CWE-760', + name: 'Use of a One-Way Hash with a Predictable Salt', + status: 'Incomplete', + }, + { + id: 'CWE-761', + name: 'Free of Pointer not at Start of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-762', + name: 'Mismatched Memory Management Routines', + status: 
'Incomplete', + }, + { + id: 'CWE-763', + name: 'Release of Invalid Pointer or Reference', + status: 'Incomplete', + }, + { + id: 'CWE-764', + name: 'Multiple Locks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-765', + name: 'Multiple Unlocks of a Critical Resource', + status: 'Incomplete', + }, + { + id: 'CWE-766', + name: 'Critical Data Element Declared Public', + status: 'Incomplete', + }, + { + id: 'CWE-767', + name: 'Access to Critical Private Variable via Public Method', + status: 'Incomplete', + }, + { + id: 'CWE-768', + name: 'Incorrect Short Circuit Evaluation', + status: 'Incomplete', + }, + { + id: 'CWE-769', + name: 'DEPRECATED: Uncontrolled File Descriptor Consumption', + status: 'Deprecated', + }, + { + id: 'CWE-77', + name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", + status: 'Draft', + }, + { + id: 'CWE-770', + name: 'Allocation of Resources Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-771', + name: 'Missing Reference to Active Allocated Resource', + status: 'Incomplete', + }, + { + id: 'CWE-772', + name: 'Missing Release of Resource after Effective Lifetime', + status: 'Draft', + }, + { + id: 'CWE-773', + name: 'Missing Reference to Active File Descriptor or Handle', + status: 'Incomplete', + }, + { + id: 'CWE-774', + name: 'Allocation of File Descriptors or Handles Without Limits or Throttling', + status: 'Incomplete', + }, + { + id: 'CWE-775', + name: 'Missing Release of File Descriptor or Handle after Effective Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-776', + name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", + status: 'Draft', + }, + { + id: 'CWE-777', + name: 'Regular Expression without Anchors', + status: 'Incomplete', + }, + { id: 'CWE-778', name: 'Insufficient Logging', status: 'Draft' }, + { id: 'CWE-779', name: 'Logging of Excessive Data', status: 'Draft' }, + { + id: 'CWE-78', + name: 
"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + status: 'Stable', + }, + { + id: 'CWE-780', + name: 'Use of RSA Algorithm without OAEP', + status: 'Incomplete', + }, + { + id: 'CWE-781', + name: 'Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code', + status: 'Draft', + }, + { + id: 'CWE-782', + name: 'Exposed IOCTL with Insufficient Access Control', + status: 'Draft', + }, + { id: 'CWE-783', name: 'Operator Precedence Logic Error', status: 'Draft' }, + { + id: 'CWE-784', + name: 'Reliance on Cookies without Validation and Integrity Checking in a Security Decision', + status: 'Draft', + }, + { + id: 'CWE-785', + name: 'Use of Path Manipulation Function without Maximum-sized Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-786', + name: 'Access of Memory Location Before Start of Buffer', + status: 'Incomplete', + }, + { id: 'CWE-787', name: 'Out-of-bounds Write', status: 'Draft' }, + { + id: 'CWE-788', + name: 'Access of Memory Location After End of Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-789', + name: 'Memory Allocation with Excessive Size Value', + status: 'Draft', + }, + { + id: 'CWE-79', + name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + status: 'Stable', + }, + { + id: 'CWE-790', + name: 'Improper Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-791', + name: 'Incomplete Filtering of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-792', + name: 'Incomplete Filtering of One or More Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-793', + name: 'Only Filtering One Instance of a Special Element', + status: 'Incomplete', + }, + { + id: 'CWE-794', + name: 'Incomplete Filtering of Multiple Instances of Special Elements', + status: 'Incomplete', + }, + { + id: 'CWE-795', + name: 'Only Filtering Special Elements at a Specified Location', + status: 'Incomplete', + }, + { 
+ id: 'CWE-796', + name: 'Only Filtering Special Elements Relative to a Marker', + status: 'Incomplete', + }, + { + id: 'CWE-797', + name: 'Only Filtering Special Elements at an Absolute Position', + status: 'Incomplete', + }, + { id: 'CWE-798', name: 'Use of Hard-coded Credentials', status: 'Draft' }, + { + id: 'CWE-799', + name: 'Improper Control of Interaction Frequency', + status: 'Incomplete', + }, + { + id: 'CWE-8', + name: 'J2EE Misconfiguration: Entity Bean Declared Remote', + status: 'Incomplete', + }, + { + id: 'CWE-80', + name: 'Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)', + status: 'Incomplete', + }, + { id: 'CWE-804', name: 'Guessable CAPTCHA', status: 'Incomplete' }, + { + id: 'CWE-805', + name: 'Buffer Access with Incorrect Length Value', + status: 'Incomplete', + }, + { + id: 'CWE-806', + name: 'Buffer Access Using Size of Source Buffer', + status: 'Incomplete', + }, + { + id: 'CWE-807', + name: 'Reliance on Untrusted Inputs in a Security Decision', + status: 'Incomplete', + }, + { + id: 'CWE-81', + name: 'Improper Neutralization of Script in an Error Message Web Page', + status: 'Incomplete', + }, + { + id: 'CWE-82', + name: 'Improper Neutralization of Script in Attributes of IMG Tags in a Web Page', + status: 'Incomplete', + }, + { id: 'CWE-820', name: 'Missing Synchronization', status: 'Incomplete' }, + { id: 'CWE-821', name: 'Incorrect Synchronization', status: 'Incomplete' }, + { + id: 'CWE-822', + name: 'Untrusted Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-823', + name: 'Use of Out-of-range Pointer Offset', + status: 'Incomplete', + }, + { + id: 'CWE-824', + name: 'Access of Uninitialized Pointer', + status: 'Incomplete', + }, + { + id: 'CWE-825', + name: 'Expired Pointer Dereference', + status: 'Incomplete', + }, + { + id: 'CWE-826', + name: 'Premature Release of Resource During Expected Lifetime', + status: 'Incomplete', + }, + { + id: 'CWE-827', + name: 'Improper Control of Document 
Type Definition', + status: 'Incomplete', + }, + { + id: 'CWE-828', + name: 'Signal Handler with Functionality that is not Asynchronous-Safe', + status: 'Incomplete', + }, + { + id: 'CWE-829', + name: 'Inclusion of Functionality from Untrusted Control Sphere', + status: 'Incomplete', + }, + { + id: 'CWE-83', + name: 'Improper Neutralization of Script in Attributes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-830', + name: 'Inclusion of Web Functionality from an Untrusted Source', + status: 'Incomplete', + }, + { + id: 'CWE-831', + name: 'Signal Handler Function Associated with Multiple Signals', + status: 'Incomplete', + }, + { + id: 'CWE-832', + name: 'Unlock of a Resource that is not Locked', + status: 'Incomplete', + }, + { id: 'CWE-833', name: 'Deadlock', status: 'Incomplete' }, + { id: 'CWE-834', name: 'Excessive Iteration', status: 'Incomplete' }, + { + id: 'CWE-835', + name: "Loop with Unreachable Exit Condition ('Infinite Loop')", + status: 'Incomplete', + }, + { + id: 'CWE-836', + name: 'Use of Password Hash Instead of Password for Authentication', + status: 'Incomplete', + }, + { + id: 'CWE-837', + name: 'Improper Enforcement of a Single, Unique Action', + status: 'Incomplete', + }, + { + id: 'CWE-838', + name: 'Inappropriate Encoding for Output Context', + status: 'Incomplete', + }, + { + id: 'CWE-839', + name: 'Numeric Range Comparison Without Minimum Check', + status: 'Incomplete', + }, + { + id: 'CWE-84', + name: 'Improper Neutralization of Encoded URI Schemes in a Web Page', + status: 'Draft', + }, + { + id: 'CWE-841', + name: 'Improper Enforcement of Behavioral Workflow', + status: 'Incomplete', + }, + { + id: 'CWE-842', + name: 'Placement of User into Incorrect Group', + status: 'Incomplete', + }, + { + id: 'CWE-843', + name: "Access of Resource Using Incompatible Type ('Type Confusion')", + status: 'Incomplete', + }, + { + id: 'CWE-85', + name: 'Doubled Character XSS Manipulations', + status: 'Draft', + }, + { + id: 'CWE-86', + name: 
'Improper Neutralization of Invalid Characters in Identifiers in Web Pages', + status: 'Draft', + }, + { id: 'CWE-862', name: 'Missing Authorization', status: 'Incomplete' }, + { id: 'CWE-863', name: 'Incorrect Authorization', status: 'Incomplete' }, + { + id: 'CWE-87', + name: 'Improper Neutralization of Alternate XSS Syntax', + status: 'Draft', + }, + { + id: 'CWE-88', + name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + status: 'Draft', + }, + { + id: 'CWE-89', + name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + status: 'Stable', + }, + { + id: 'CWE-9', + name: 'J2EE Misconfiguration: Weak Access Permissions for EJB Methods', + status: 'Draft', + }, + { + id: 'CWE-90', + name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", + status: 'Draft', + }, + { + id: 'CWE-908', + name: 'Use of Uninitialized Resource', + status: 'Incomplete', + }, + { + id: 'CWE-909', + name: 'Missing Initialization of Resource', + status: 'Incomplete', + }, + { + id: 'CWE-91', + name: 'XML Injection (aka Blind XPath Injection)', + status: 'Draft', + }, + { + id: 'CWE-910', + name: 'Use of Expired File Descriptor', + status: 'Incomplete', + }, + { + id: 'CWE-911', + name: 'Improper Update of Reference Count', + status: 'Incomplete', + }, + { id: 'CWE-912', name: 'Hidden Functionality', status: 'Incomplete' }, + { + id: 'CWE-913', + name: 'Improper Control of Dynamically-Managed Code Resources', + status: 'Incomplete', + }, + { + id: 'CWE-914', + name: 'Improper Control of Dynamically-Identified Variables', + status: 'Incomplete', + }, + { + id: 'CWE-915', + name: 'Improperly Controlled Modification of Dynamically-Determined Object Attributes', + status: 'Incomplete', + }, + { + id: 'CWE-916', + name: 'Use of Password Hash With Insufficient Computational Effort', + status: 'Incomplete', + }, + { + id: 'CWE-917', + name: "Improper Neutralization of Special Elements 
used in an Expression Language Statement ('Expression Language Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-918', + name: 'Server-Side Request Forgery (SSRF)', + status: 'Incomplete', + }, + { + id: 'CWE-92', + name: 'DEPRECATED: Improper Sanitization of Custom Special Characters', + status: 'Deprecated', + }, + { + id: 'CWE-920', + name: 'Improper Restriction of Power Consumption', + status: 'Incomplete', + }, + { + id: 'CWE-921', + name: 'Storage of Sensitive Data in a Mechanism without Access Control', + status: 'Incomplete', + }, + { + id: 'CWE-922', + name: 'Insecure Storage of Sensitive Information', + status: 'Incomplete', + }, + { + id: 'CWE-923', + name: 'Improper Restriction of Communication Channel to Intended Endpoints', + status: 'Incomplete', + }, + { + id: 'CWE-924', + name: 'Improper Enforcement of Message Integrity During Transmission in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-925', + name: 'Improper Verification of Intent by Broadcast Receiver', + status: 'Incomplete', + }, + { + id: 'CWE-926', + name: 'Improper Export of Android Application Components', + status: 'Incomplete', + }, + { + id: 'CWE-927', + name: 'Use of Implicit Intent for Sensitive Communication', + status: 'Incomplete', + }, + { + id: 'CWE-93', + name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", + status: 'Draft', + }, + { + id: 'CWE-939', + name: 'Improper Authorization in Handler for Custom URL Scheme', + status: 'Incomplete', + }, + { + id: 'CWE-94', + name: "Improper Control of Generation of Code ('Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-940', + name: 'Improper Verification of Source of a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-941', + name: 'Incorrectly Specified Destination in a Communication Channel', + status: 'Incomplete', + }, + { + id: 'CWE-942', + name: 'Permissive Cross-domain Policy with Untrusted Domains', + status: 'Incomplete', + }, + { + id: 'CWE-943', + 
name: 'Improper Neutralization of Special Elements in Data Query Logic', + status: 'Incomplete', + }, + { + id: 'CWE-95', + name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + status: 'Incomplete', + }, + { + id: 'CWE-96', + name: "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", + status: 'Draft', + }, + { + id: 'CWE-97', + name: 'Improper Neutralization of Server-Side Includes (SSI) Within a Web Page', + status: 'Draft', + }, + { + id: 'CWE-98', + name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + status: 'Draft', + }, + { + id: 'CWE-99', + name: "Improper Control of Resource Identifiers ('Resource Injection')", + status: 'Draft', + }, + ], +} diff --git a/lib/shared/csafAjv.js b/lib/shared/csafAjv.js index 816e492a..b528ce65 100644 --- a/lib/shared/csafAjv.js +++ b/lib/shared/csafAjv.js @@ -3,11 +3,13 @@ import Ajv2020 from 'ajv/dist/2020.js' import cvss_v2_0 from './csafAjv/cvss-v2.0.js' import cvss_v3_0 from './csafAjv/cvss-v3.0.js' import cvss_v3_1 from './csafAjv/cvss-v3.1.js' +import cvss_v4_0 from './csafAjv/cvss-v4.0.js' const csafAjv = new Ajv2020({ strict: false, allErrors: true }) addFormats(csafAjv) csafAjv.addSchema(cvss_v2_0, 'https://www.first.org/cvss/cvss-v2.0.json') csafAjv.addSchema(cvss_v3_0, 'https://www.first.org/cvss/cvss-v3.0.json') csafAjv.addSchema(cvss_v3_1, 'https://www.first.org/cvss/cvss-v3.1.json') +csafAjv.addSchema(cvss_v4_0, 'https://www.first.org/cvss/cvss-v4.0.json') export default csafAjv diff --git a/lib/shared/csafAjv/cvss-v4.0.js b/lib/shared/csafAjv/cvss-v4.0.js new file mode 100644 index 00000000..4bf575fc --- /dev/null +++ b/lib/shared/csafAjv/cvss-v4.0.js 
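Review bot: The key registered on the new `csafAjv.addSchema(cvss_v4_0, 'https://www.first.org/cvss/cvss-v4.0.json')` line does not match the vendored schema's own `$id`, which carries a revision query string (`https://www.first.org/cvss/cvss-v4.0.json?20240216`). Ajv keeps both the explicit key and the `$id` in its registry, so a `$ref` to the bare URL should still resolve, but nothing in this change shows a test proving that a CSAF 2.1 document's CVSS v4 block is actually validated against this schema; a fixture with a value outside the `attackVectorType` enum that must be rejected would pin that, and it matters for a validator whose whole job is to refuse malformed advisories. Since the file is a verbatim copy of a FIRST artifact, I would also record its provenance on the import so the next bump is diffed against upstream rather than hand-edited, e.g. `import cvss_v4_0 from './csafAjv/cvss-v4.0.js' // vendored from https://www.first.org/cvss/cvss-v4.0.json (rev. 20240216)`. The `strict: false` on the Ajv constructor is a pre-existing context line, but it means mismatches between this schema and the 2020-12 dialect it declares will not be reported at registration time, which is one more reason to rely on an explicit positive/negative test rather than on a clean `addSchema` call.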
@@ -0,0 +1,407 @@ +export default { + license: [ + 'Copyright (c) 2023, FIRST.ORG, INC.', + 'All rights reserved.', + '', + 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the ', + 'following conditions are met:', + '1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following ', + ' disclaimer.', + '2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the ', + ' following disclaimer in the documentation and/or other materials provided with the distribution.', + '3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote ', + ' products derived from this software without specific prior written permission.', + '', + "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, ", + 'INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ', + 'DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ', + 'SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ', + 'SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ', + 'WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ', + 'OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.', + ], + + $schema: 'https://json-schema.org/draft/2020-12/schema', + title: 'JSON Schema for Common Vulnerability Scoring System version 4.0', + $id: 'https://www.first.org/cvss/cvss-v4.0.json?20240216', + type: 'object', + definitions: { + attackVectorType: { + type: 'string', + enum: ['NETWORK', 'ADJACENT', 'LOCAL', 'PHYSICAL'], + }, + modifiedAttackVectorType: { + type: 'string', + enum: ['NETWORK', 'ADJACENT', 'LOCAL', 'PHYSICAL', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + attackComplexityType: { + type: 'string', + enum: ['HIGH', 'LOW'], + }, + modifiedAttackComplexityType: { + type: 'string', + enum: ['HIGH', 'LOW', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + attackRequirementsType: { + type: 'string', + enum: ['NONE', 'PRESENT'], + }, + modifiedAttackRequirementsType: { + type: 'string', + enum: ['NONE', 'PRESENT', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + privilegesRequiredType: { + type: 'string', + enum: ['HIGH', 'LOW', 'NONE'], + }, + modifiedPrivilegesRequiredType: { + type: 'string', + enum: ['HIGH', 'LOW', 'NONE', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + userInteractionType: { + type: 'string', + enum: ['NONE', 'PASSIVE', 'ACTIVE'], + }, + modifiedUserInteractionType: { + type: 'string', + enum: ['NONE', 'PASSIVE', 'ACTIVE', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + vulnCiaType: { + type: 'string', + enum: ['NONE', 'LOW', 'HIGH'], + }, + modifiedVulnCiaType: { + type: 'string', + enum: 
['NONE', 'LOW', 'HIGH', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + subCiaType: { + type: 'string', + enum: ['NONE', 'LOW', 'HIGH'], + }, + modifiedSubCType: { + type: 'string', + enum: ['NEGLIGIBLE', 'LOW', 'HIGH', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + modifiedSubIaType: { + type: 'string', + enum: ['NEGLIGIBLE', 'LOW', 'HIGH', 'SAFETY', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + exploitMaturityType: { + type: 'string', + enum: ['UNREPORTED', 'PROOF_OF_CONCEPT', 'ATTACKED', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + ciaRequirementType: { + type: 'string', + enum: ['LOW', 'MEDIUM', 'HIGH', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + safetyType: { + type: 'string', + enum: ['NEGLIGIBLE', 'PRESENT', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + automatableType: { + type: 'string', + enum: ['NO', 'YES', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + recoveryType: { + type: 'string', + enum: ['AUTOMATIC', 'USER', 'IRRECOVERABLE', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + valueDensityType: { + type: 'string', + enum: ['DIFFUSE', 'CONCENTRATED', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + vulnerabilityResponseEffortType: { + type: 'string', + enum: ['LOW', 'MODERATE', 'HIGH', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + providerUrgencyType: { + type: 'string', + enum: ['CLEAR', 'GREEN', 'AMBER', 'RED', 'NOT_DEFINED'], + default: 'NOT_DEFINED', + }, + noneScoreType: { + type: 'number', + minimum: 0.0, + maximum: 0.0, + }, + lowScoreType: { + type: 'number', + minimum: 0.1, + maximum: 3.9, + multipleOf: 0.1, + }, + mediumScoreType: { + type: 'number', + minimum: 4.0, + maximum: 6.9, + multipleOf: 0.1, + }, + highScoreType: { + type: 'number', + minimum: 7.0, + maximum: 8.9, + multipleOf: 0.1, + }, + criticalScoreType: { + type: 'number', + minimum: 9.0, + maximum: 10, + multipleOf: 0.1, + }, + noneSeverityType: { + const: 'NONE', + }, + lowSeverityType: { + const: 'LOW', + }, + mediumSeverityType: { + const: 'MEDIUM', + 
}, + highSeverityType: { + const: 'HIGH', + }, + criticalSeverityType: { + const: 'CRITICAL', + }, + }, + properties: { + version: { + description: 'CVSS Version', + type: 'string', + enum: ['4.0'], + }, + vectorString: { + type: 'string', + pattern: + '^CVSS:4[.]0/AV:[NALP]/AC:[LH]/AT:[NP]/PR:[NLH]/UI:[NPA]/VC:[HLN]/VI:[HLN]/VA:[HLN]/SC:[HLN]/SI:[HLN]/SA:[HLN](/E:[XAPU])?(/CR:[XHML])?(/IR:[XHML])?(/AR:[XHML])?(/MAV:[XNALP])?(/MAC:[XLH])?(/MAT:[XNP])?(/MPR:[XNLH])?(/MUI:[XNPA])?(/MVC:[XNLH])?(/MVI:[XNLH])?(/MVA:[XNLH])?(/MSC:[XNLH])?(/MSI:[XNLHS])?(/MSA:[XNLHS])?(/S:[XNP])?(/AU:[XNY])?(/R:[XAUI])?(/V:[XDC])?(/RE:[XLMH])?(/U:(X|Clear|Green|Amber|Red))?$', + }, + attackVector: { $ref: '#/definitions/attackVectorType' }, + attackComplexity: { $ref: '#/definitions/attackComplexityType' }, + attackRequirements: { $ref: '#/definitions/attackRequirementsType' }, + privilegesRequired: { $ref: '#/definitions/privilegesRequiredType' }, + userInteraction: { $ref: '#/definitions/userInteractionType' }, + vulnConfidentialityImpact: { $ref: '#/definitions/vulnCiaType' }, + vulnIntegrityImpact: { $ref: '#/definitions/vulnCiaType' }, + vulnAvailabilityImpact: { $ref: '#/definitions/vulnCiaType' }, + subConfidentialityImpact: { $ref: '#/definitions/subCiaType' }, + subIntegrityImpact: { $ref: '#/definitions/subCiaType' }, + subAvailabilityImpact: { $ref: '#/definitions/subCiaType' }, + exploitMaturity: { $ref: '#/definitions/exploitMaturityType' }, + confidentialityRequirement: { $ref: '#/definitions/ciaRequirementType' }, + integrityRequirement: { $ref: '#/definitions/ciaRequirementType' }, + availabilityRequirement: { $ref: '#/definitions/ciaRequirementType' }, + modifiedAttackVector: { $ref: '#/definitions/modifiedAttackVectorType' }, + modifiedAttackComplexity: { + $ref: '#/definitions/modifiedAttackComplexityType', + }, + modifiedAttackRequirements: { + $ref: '#/definitions/modifiedAttackRequirementsType', + }, + modifiedPrivilegesRequired: { + $ref: 
'#/definitions/modifiedPrivilegesRequiredType', + }, + modifiedUserInteraction: { + $ref: '#/definitions/modifiedUserInteractionType', + }, + modifiedVulnConfidentialityImpact: { + $ref: '#/definitions/modifiedVulnCiaType', + }, + modifiedVulnIntegrityImpact: { $ref: '#/definitions/modifiedVulnCiaType' }, + modifiedVulnAvailabilityImpact: { + $ref: '#/definitions/modifiedVulnCiaType', + }, + modifiedSubConfidentialityImpact: { + $ref: '#/definitions/modifiedSubCType', + }, + modifiedSubIntegrityImpact: { $ref: '#/definitions/modifiedSubIaType' }, + modifiedSubAvailabilityImpact: { $ref: '#/definitions/modifiedSubIaType' }, + Safety: { $ref: '#/definitions/safetyType' }, + Automatable: { $ref: '#/definitions/automatableType' }, + Recovery: { $ref: '#/definitions/recoveryType' }, + valueDensity: { $ref: '#/definitions/valueDensityType' }, + vulnerabilityResponseEffort: { + $ref: '#/definitions/vulnerabilityResponseEffortType', + }, + providerUrgency: { $ref: '#/definitions/providerUrgencyType' }, + }, + allOf: [ + { + anyOf: [ + { + properties: { + baseScore: { + $ref: '#/definitions/noneScoreType', + }, + baseSeverity: { + $ref: '#/definitions/noneSeverityType', + }, + }, + }, + { + properties: { + baseScore: { + $ref: '#/definitions/lowScoreType', + }, + baseSeverity: { + $ref: '#/definitions/lowSeverityType', + }, + }, + }, + { + properties: { + baseScore: { + $ref: '#/definitions/mediumScoreType', + }, + baseSeverity: { + $ref: '#/definitions/mediumSeverityType', + }, + }, + }, + { + properties: { + baseScore: { + $ref: '#/definitions/highScoreType', + }, + baseSeverity: { + $ref: '#/definitions/highSeverityType', + }, + }, + }, + { + properties: { + baseScore: { + $ref: '#/definitions/criticalScoreType', + }, + baseSeverity: { + $ref: '#/definitions/criticalSeverityType', + }, + }, + }, + ], + }, + { + anyOf: [ + { + properties: { + threatScore: { + $ref: '#/definitions/noneScoreType', + }, + threatSeverity: { + $ref: '#/definitions/noneSeverityType', + }, + }, 
+ }, + { + properties: { + threatScore: { + $ref: '#/definitions/lowScoreType', + }, + threatSeverity: { + $ref: '#/definitions/lowSeverityType', + }, + }, + }, + { + properties: { + threatScore: { + $ref: '#/definitions/mediumScoreType', + }, + threatSeverity: { + $ref: '#/definitions/mediumSeverityType', + }, + }, + }, + { + properties: { + threatScore: { + $ref: '#/definitions/highScoreType', + }, + threatSeverity: { + $ref: '#/definitions/highSeverityType', + }, + }, + }, + { + properties: { + threatScore: { + $ref: '#/definitions/criticalScoreType', + }, + threatSeverity: { + $ref: '#/definitions/criticalSeverityType', + }, + }, + }, + ], + }, + { + anyOf: [ + { + properties: { + environmentalScore: { + $ref: '#/definitions/noneScoreType', + }, + environmentalSeverity: { + $ref: '#/definitions/noneSeverityType', + }, + }, + }, + { + properties: { + environmentalScore: { + $ref: '#/definitions/lowScoreType', + }, + environmentalSeverity: { + $ref: '#/definitions/lowSeverityType', + }, + }, + }, + { + properties: { + environmentalScore: { + $ref: '#/definitions/mediumScoreType', + }, + environmentalSeverity: { + $ref: '#/definitions/mediumSeverityType', + }, + }, + }, + { + properties: { + environmentalScore: { + $ref: '#/definitions/highScoreType', + }, + environmentalSeverity: { + $ref: '#/definitions/highSeverityType', + }, + }, + }, + { + properties: { + environmentalScore: { + $ref: '#/definitions/criticalScoreType', + }, + environmentalSeverity: { + $ref: '#/definitions/criticalSeverityType', + }, + }, + }, + ], + }, + ], + required: ['version', 'vectorString', 'baseScore', 'baseSeverity'], +} diff --git a/package-lock.json b/package-lock.json index fec4645c..eefbfaad 100644 --- a/package-lock.json +++ b/package-lock.json @@ -34,7 +34,7 @@ "chai": "^4.3.7", "mocha": "^10.2.0", "prettier": "^2.8.1", - "typescript": "^4.9.4", + "typescript": "^5.7.3", "xml2js": "^0.5.0" } }, 
@@ -1589,9 +1589,9 @@
 }
 },
 "node_modules/typescript": {
- "version": "4.9.5",
- "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz",
- "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==",
+ "version": "5.7.3",
+ "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.3.tgz",
+ "integrity": "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==",
 "dev": true,
 "license": "Apache-2.0",
 "bin": {
@@ -1599,7 +1599,7 @@
 "tsserver": "bin/tsserver"
 },
 "engines": {
- "node": ">=4.2.0"
+ "node": ">=14.17"
 }
 },
 "node_modules/undici": {
diff --git a/package.json b/package.json
index 2018f1af..9507420f 100644
--- a/package.json
+++ b/package.json
@@ -45,7 +45,7 @@
 "chai": "^4.3.7",
 "mocha": "^10.2.0",
 "prettier": "^2.8.1",
- "typescript": "^4.9.4",
+ "typescript": "^5.7.3",
 "xml2js": "^0.5.0"
 },
 "version": "1.3.46"
diff --git a/scripts/cwe-importCatalogue.js b/scripts/cwe-importCatalogue.js
index 66954cd7..11df1572 100755
--- a/scripts/cwe-importCatalogue.js
+++ b/scripts/cwe-importCatalogue.js
@@ -3,42 +3,64 @@ import { writeFile, readFile } from 'node:fs/promises' import prettier from 'prettier' import xml2js from 'xml2js' +import { cwecMap } from '../lib/cwec.js' -// The registry file can be downloaded from https://cwe.mitre.org/data/xml/cwec_latest.xml.zip +/** + * This script can be used to loop over all cwe files containing the entire information of all cwe versions + * and extract only the properties relevant for the tests + * + * The input files containing the entire information of all cwe versions + * can be downloaded from https://cwe.mitre.org/data/archive.html + * Then create a cwe_raw_data folder and place these files there + * + * If a new cwe version is available, add the respective entry to the cwecMap + * + * After that, you can run this script + * + * */ -const [, , REGISTRY_FILE] = process.argv -const OUTPUT_FILE = 'lib/shared/cwec.js' +const cwec = Array.from(cwecMap.keys()) -/** - * @typedef {{ ID: string; Name: string }} Weakness - * @typedef {{Weaknesses: {Weakness: Array}}} Weaknesses - */ - -const parser = new xml2js.Parser({ - explicitArray: false, - mergeAttrs: true, - explicitRoot: false, -}) - -const fileXML = await parser.parseStringPromise( - await readFile(REGISTRY_FILE, 'utf-8') -) - -const json = { - weaknesses: fileXML.Weaknesses.Weakness.map( - (/** @type {Weakness} */ weakness) => { - return { id: `CWE-${weakness.ID}`, name: weakness.Name } - } - ), -} +for (const version of cwec) { + const INPUT_FILE = `../lib/cwe_raw_data/cwec_v${version}.xml` + const OUTPUT_FILE = `../lib/cwec/${version}.js` + + /** + * @typedef {{ ID: string; Name: string, Status: string, Mapping_Notes: {Usage: string} }} Weakness + * @typedef {{Weaknesses: {Weakness: Array}}} Weaknesses + * @typedef {{Date: string}} Date + */ + + const parser = new xml2js.Parser({ + explicitArray: false, + mergeAttrs: true, + explicitRoot: false, + }) -await writeFile( - OUTPUT_FILE, - prettier.format( - `export default /** @type {const} */ 
(${JSON.stringify(json)})`, - { + const fileXML = await parser.parseStringPromise( + await readFile(INPUT_FILE, 'utf-8') + ) + + const json = { + date: fileXML.Date, + weaknesses: fileXML.Weaknesses.Weakness.map( + (/** @type {Weakness} */ weakness) => { + return { + id: `CWE-${weakness.ID}`, + name: weakness.Name, + status: weakness.Status, + // Please note that the Usage property only exists in cwe version 4.12 and newer + usage: weakness.Mapping_Notes?.Usage, + } + } + ), + } + + await writeFile( + OUTPUT_FILE, + prettier.format(`export default (${JSON.stringify(json)})`, { ...(await prettier.resolveConfig(OUTPUT_FILE)), filepath: OUTPUT_FILE, - } + }) ) -) +} diff --git a/scripts/runTest.js b/scripts/runTest.js index 773b6684..f58f067d 100755 --- a/scripts/runTest.js +++ b/scripts/runTest.js 
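Review bot: The new `INPUT_FILE` and `OUTPUT_FILE` values (`../lib/cwe_raw_data/...`, `../lib/cwec/...`) are resolved against the process working directory, not the script's location, so they only work when the script is launched from inside `scripts/`, whereas the removed `lib/shared/cwec.js` assumed the repository root and the new header comment does not say which directory to run from. Anchoring both on the module URL removes the dependency on cwd: `const INPUT_FILE = fileURLToPath(new URL('../lib/cwe_raw_data/cwec_v' + version + '.xml', import.meta.url))`, likewise for `OUTPUT_FILE`, with `fileURLToPath` imported from `node:url`, so `prettier.resolveConfig` and `filepath` keep receiving plain paths. Two smaller points: the `Date` typedef declared inside the loop is never used, and the `/** @type {const} */` cast on the generated export was dropped, which loosens the inferred type of the generated catalogue if any consumer relied on its literal types.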
@@ -3,44 +3,126 @@ /** * @file Script to validate JSON files against given tests * - * Usage: node .js json/file/path.json mandatoryTest_6_1_1 + * Usage: node .js -f -t [-c ] * - * `mandatoryTest_6_1_1` is a sample here. You can insert any test name from lib/mandatoryTests.js, - * `lib/optionalTests.js`, `lib/schemaTests.js` and `lib/schemaTests.js`. + * -f + * Specifies the path to the csaf json file to validate the given test against. + * + * -t + * Specifies the test(s) to run. The values that you can pass here depend on the value + * of the `-c` option which specifies the used csaf version. If you use 2.0 here you + * can insert any test name from `mandatoryTests.js`, `optionalTests.js`, + * `informativeTests.js` and `schemaTests.js`. + * If you use 2.1 here you can insert any test name from `csaf_2_1/mandatoryTests.js`, + * `csaf_2_1/optionalTests.js`, `csaf_2_1/informativeTests.js` and `csaf_2_1/schemaTests.js`. + * Some presets are also allowed such as `mandatory`, `optional`, `informative`, + * `schema` and `base`. + * + * -c (default: 2.0) + * Specifies the csaf version to use. The currently allowed versions are `2.0` (the default) + * and `2.1`. */ import { readFile } from 'fs/promises' -import * as schemaTests from '../schemaTests.js' -import * as mandatoryTests from '../mandatoryTests.js' -import * as optionalTests from '../optionalTests.js' -import * as informativeTests from '../informativeTests.js' import validate from '../validate.js' +import { parseArgs } from 'node:util' +import assert from 'node:assert' + +/** + * Types a function that can lazily load a set of tests. This is used to speed up the script + * by avoiding to load unused test sets. + * + * @typedef {() => Promise>} DocumentTestLoader + */ + +/** + * This is the main function that reads the file, executes the resolved test + * and logs the result. 
+ * + * @param {object} ctx + * @param {DocumentTestLoader} ctx.schemaTests + * @param {DocumentTestLoader} ctx.mandatoryTests + * @param {DocumentTestLoader} ctx.optionalTests + * @param {DocumentTestLoader} ctx.informativeTests + * @param {object} params + * @param {string} params.testName + * @param {string} params.filePath + */ +const main = async ( + { informativeTests, mandatoryTests, optionalTests, schemaTests }, + { testName, filePath } +) => { + const json = JSON.parse(await readFile(filePath, { encoding: 'utf-8' })) + + const matchingTests = + testName === 'mandatory' + ? Object.values(await mandatoryTests()) + : testName === 'optional' + ? Object.values(await optionalTests()) + : testName === 'informative' + ? Object.values(await informativeTests()) + : testName === 'schema' + ? Object.values(await schemaTests()) + : testName === 'base' + ? Object.values(await schemaTests()).concat( + Object.values(await mandatoryTests()) + ) + : Object.values(await mandatoryTests()) + .concat(Object.values(await optionalTests())) + .concat(Object.values(await informativeTests())) + .concat(Object.values(await schemaTests())) + .filter((t) => t.name === testName) + + if (!matchingTests.length) + throw new Error(`No test matching "${testName}" found`) + const result = await validate(matchingTests, json) + process.exitCode = result.isValid ? 0 : 1 + console.log(JSON.stringify(result, null, 2)) +} + +const { values: cliOptions } = parseArgs({ + options: { + file: { + type: 'string', + short: 'f', + }, + 'csaf-version': { + type: 'string', + short: 'c', + default: '2.0', + }, + test: { + type: 'string', + short: 't', + }, + }, +}) + +const filePath = cliOptions.file +const testName = cliOptions.test +assert(filePath) +assert(testName) -const [, , filePath, testName] = process.argv - -const json = JSON.parse(await readFile(filePath, { encoding: 'utf-8' })) - -const matchingTests = - testName === 'mandatory' - ? Object.values(mandatoryTests) - : testName === 'optional' - ? 
Object.values(optionalTests) - : testName === 'informative' - ? Object.values(informativeTests) - : testName === 'schema' - ? Object.values(schemaTests) - : testName === 'base' - ? Object.values(schemaTests).concat(Object.values(mandatoryTests)) - : /** @type {Array} */ ( - Object.values(mandatoryTests) - ) - .concat(Object.values(optionalTests)) - .concat(Object.values(informativeTests)) - .concat(Object.values(schemaTests)) - .filter((t) => t.name === testName) - -if (!matchingTests.length) - throw new Error(`No test matching "${testName}" found`) -const result = await validate(matchingTests, json) -process.exitCode = result.isValid ? 0 : 1 -console.log(JSON.stringify(result, null, 2)) +if (cliOptions['csaf-version'] === '2.0') { + await main( + { + mandatoryTests: () => import('../mandatoryTests.js'), + informativeTests: () => import('../informativeTests.js'), + optionalTests: () => import('../optionalTests.js'), + schemaTests: () => import('../schemaTests.js'), + }, + { filePath, testName } + ) +} else if (cliOptions['csaf-version'] === '2.1') { + await main( + { + mandatoryTests: () => import('../csaf_2_1/mandatoryTests.js'), + informativeTests: () => import('../csaf_2_1/informativeTests.js'), + optionalTests: () => import('../csaf_2_1/optionalTests.js'), + schemaTests: () => import('../csaf_2_1/schemaTests.js'), + }, + { filePath, testName } + ) +} else { + throw new Error('Unknown CSAF version') +} diff --git a/scripts/test.js b/scripts/test.js index 54896a70..c2b42993 100644 --- a/scripts/test.js +++ b/scripts/test.js @@ -3,7 +3,7 @@ import { spawn } from 'child_process' import { fileURLToPath } from 'url' -spawn('mocha', ['tests', ...process.argv.slice(2)], { +spawn('mocha', ['tests', 'tests/csaf_2_1', ...process.argv.slice(2)], { stdio: 'inherit', shell: true, env: { diff --git a/tests/csaf_2_1/mandatoryTest_6_1_35.js b/tests/csaf_2_1/mandatoryTest_6_1_35.js new file mode 100644 index 00000000..13da1457 --- /dev/null 
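Review bot: `assert(filePath)` and `assert(testName)` after the `parseArgs` call fail with a bare AssertionError that does not tell the user which flag is missing; passing a message, `assert(filePath, 'missing required option -f <file>')` and `assert(testName, 'missing required option -t <test>')`, gives the CLI the same information the header comment tries to convey, and the `throw new Error('Unknown CSAF version')` branch could likewise echo the rejected value. The usage line in the rewritten header reads `node .js -f -t [-c ]` with nothing after the flags; if that is not just this page's rendering dropping angle brackets, the script-name, file, test and version placeholders need to be restored there and in the per-option paragraphs below it.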
+++ b/tests/csaf_2_1/mandatoryTest_6_1_35.js
@@ -0,0 +1,35 @@
+import assert from 'node:assert'
+import { mandatoryTest_6_1_35 } from '../../csaf_2_1/mandatoryTests.js'
+
+describe('mandatoryTest_6_1_37', function () {
+ it('only runs on relevant documents', function () {
+ assert.equal(mandatoryTest_6_1_35({ document: 'mydoc' }).isValid, true)
+ })
+
+ it('skips remediations without valid category', function () {
+ assert.equal(
+ mandatoryTest_6_1_35({
+ vulnerabilities: [{ remediations: [{}] }],
+ }).isValid,
+ true
+ )
+ })
+
+ it('skips remediation group checks without declared group', function () {
+ assert.equal(
+ mandatoryTest_6_1_35({
+ vulnerabilities: [
+ {
+ remediations: [
+ {
+ category: 'some_category',
+ group_ids: ['my_not_existing_group'],
+ },
+ ],
+ },
+ ],
+ }).isValid,
+ true
+ )
+ })
+})
diff --git a/tests/csaf_2_1/oasis.js b/tests/csaf_2_1/oasis.js
new file mode 100644
index 00000000..ee426520
--- /dev/null
+++ b/tests/csaf_2_1/oasis.js
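Review bot: The suite is labelled `describe('mandatoryTest_6_1_37', ...)` while every assertion in the file calls `mandatoryTest_6_1_35`, so a failure here would be reported under the wrong test number; the line should read `describe('mandatoryTest_6_1_35', function () {`. All three cases are documents the test is expected to skip and each asserts `isValid === true`, so nothing in this file would catch a regression that turns the check into a no-op; unless the OASIS fixture suite covers the failing case, one negative case built from the specification's 6.1.35 failure example is worth adding.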
@@ -0,0 +1,190 @@ +import { readFile } from 'node:fs/promises' +import { readFileSync } from 'node:fs' +import assert from 'node:assert/strict' +import * as informative from '../../csaf_2_1/informativeTests.js' +import * as optional from '../../csaf_2_1/optionalTests.js' +import * as mandatory from '../../csaf_2_1/mandatoryTests.js' + +/* + This is a list that includes all test numbers that are not yet implemented. + Once all tests are implemented for CSAF 2.1 this should be deleted. + */ +const excluded = [ + '6.1.7', + '6.1.9', + '6.1.10', + '6.1.13', + '6.1.14', + '6.1.16', + '6.1.36', + '6.1.37', + '6.1.38', + '6.1.39', + '6.1.40', + '6.1.41', + '6.1.42', + '6.1.43', + '6.1.44', + '6.1.45', + '6.1.46', + '6.1.47', + '6.1.48', + '6.1.49', + '6.2.6', + '6.2.11', + '6.2.19', + '6.2.21', + '6.2.22', + '6.2.23', + '6.2.24', + '6.2.26', + '6.2.27', + '6.2.28', + '6.2.29', + '6.2.30', + '6.2.31', + '6.2.32', + '6.2.33', + '6.2.34', + '6.2.35', + '6.3.1', + '6.3.2', + '6.3.4', + '6.3.12', + '6.3.13', +] + +/** @typedef {import('../../lib/shared/types.js').DocumentTest} DocumentTest */ + +/** @typedef {Map} TestMap */ + +/** + * @typedef {object} TestCases + * @property {TestCase[]} tests + */ + +/** + * @typedef {object} TestCase + * @property {string} id + * @property {string} group + * @property {TestSpec[]} [failures] + * @property {TestSpec[]} [valid] + */ + +/** + * @typedef {object} TestSpec + * @property {string} name + * @property {boolean} valid + */ + +const tests = new Map([ + [ + 'informative', + /** @type {TestMap} */ (new Map(Object.entries(informative))), + ], + ['optional', /** @type {TestMap} */ (new Map(Object.entries(optional)))], + ['mandatory', /** @type {TestMap} */ (new Map(Object.entries(mandatory)))], +]) + +const testDataBaseUrl = new URL( + '../../csaf/csaf_2.1/test/validator/data/', + import.meta.url +) + +const testCases = /** @type {TestCases} */ ( + JSON.parse( + await readFile(new URL('testcases.json', testDataBaseUrl), 'utf-8') + ) +) + 
+const testMap = parseTestCases() + +for (const [group, t] of testMap) { + describe(group, function () { + for (const [testId, u] of t) { + describe(testId, function () { + for (const [type, testSpecs] of u) { + describe(type, function () { + for (const testSpec of testSpecs) { + if (excluded.includes(testId)) continue + + it(testSpec.name, async () => { + const test = tests + .get(group) + ?.get(`${group}Test_${testId.replace(/\./g, '_')}`) + + assert(test, 'test does not exist') + + const doc = JSON.parse( + readFileSync(new URL(testSpec.name, testDataBaseUrl), 'utf-8') + ) + + const result = await test(doc) + + if (group === 'mandatory') { + assert.equal(result.isValid, testSpec.valid) + assert.equal( + Boolean(result.errors?.length), + type === 'failures', + type === 'failures' + ? 'should have errors' + : `should not have errors, but had ${result.errors?.length}` + ) + } else { + assert.equal(result.isValid === undefined, testSpec.valid) + + if (group === 'optional') { + assert.equal( + Boolean(result.warnings?.length), + type === 'failures', + type === 'failures' + ? 'should have warnings' + : `should not have warnings, but had ${result.warnings?.length}` + ) + } else if (group === 'informative') { + assert.equal( + Boolean(result.infos?.length), + type === 'failures', + type === 'failures' + ? 'should have infos' + : `should not have infos, but had ${result.infos?.length}` + ) + } + } + }) + } + }) + } + }) + } + }) +} + +function parseTestCases() { + /** @type {Map>>} */ + const testData = new Map() + for (const test of testCases.tests) { + const valids = testData.get(test.group)?.get(test.id)?.get('valid') ?? [] + const failures = + testData.get(test.group)?.get(test.id)?.get('failures') ?? [] + + for (const valid of test.valid ?? []) { + valids.push(valid) + } + for (const failure of test.failures ?? 
[]) { + failures.push(failure) + } + + testData.set( + test.group, + new Map(testData.get(test.group)).set( + test.id, + new Map(testData.get(test.group)?.get(test.id)) + .set('valid', valids) + .set('failures', failures) + ) + ) + } + + return testData +} diff --git a/tsconfig.json b/tsconfig.json index a6b04a95..30aa0c4a 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -33,7 +33,7 @@ // "typeRoots": [], /* Specify multiple folders that act like `./node_modules/@types`. */ // "types": [], /* Specify type package names to be included without being referenced in a source file. */ // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */ - "resolveJsonModule": true /* Enable importing .json files */, + // "resolveJsonModule": true /* Enable importing .json files */, // "noResolve": true, /* Disallow `import`s, `require`s or ``s from expanding the number of files TypeScript should add to a project. */ /* JavaScript Support */ @@ -98,6 +98,6 @@ // "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */ "skipLibCheck": true /* Skip type checking all .d.ts files. */ }, - "include": ["**/*.js", "**/*.ts", "**/*.json", "**/*.cjs"], + "include": ["**/*.js", "**/*.ts", "**/*.cjs"], "exclude": ["node_modules", "build", "csaf"] }
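Review bot: `if (excluded.includes(testId)) continue` in the innermost loop makes the not-yet-implemented OASIS cases disappear from the mocha report entirely, so an entry left in `excluded` after its test is implemented, or a regression in a test still on the list, is invisible in every run. Registering them as pending keeps the count visible: `const run = excluded.includes(testId) ? it.skip : it` before the `for (const testSpec of testSpecs)` loop and `run(testSpec.name, async () => {` in place of the `it(...)` call. The file also imports both `readFile` and `readFileSync` and uses the synchronous one inside an async `it`; `await readFile(...)` there keeps the two reads consistent.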