From 38b1d622f69bd4aad31e761ec80ad534fe7dfa58 Mon Sep 17 00:00:00 2001 From: MaineK00n Date: Wed, 8 Jun 2022 21:36:54 +0000 Subject: [PATCH] feat(cwe): update CWE dictionary (#1443) --- cwe/cwe.go | 74 +- cwe/en.go | 2068 +++++++++++++++++++++++++++++++++++------ cwe/ja.go | 1846 ++++++++++++++++++++---------------- cwe/owasp.go | 292 +++++- cwe/sans.go | 74 +- detector/detector.go | 45 +- models/scanresults.go | 84 +- reporter/slack.go | 24 +- reporter/util.go | 85 +- 9 files changed, 3379 insertions(+), 1213 deletions(-) diff --git a/cwe/cwe.go b/cwe/cwe.go index 4bf42355..0236f80b 100644 --- a/cwe/cwe.go +++ b/cwe/cwe.go @@ -1,7 +1,13 @@ package cwe -// CweTopTwentyfive2019 has CWE-ID in CWE Top 25 -var CweTopTwentyfive2019 = map[string]string{ +// CweTopTwentyfives has CWE-ID in CWE Top 25 +var CweTopTwentyfives = map[string]map[string]string{ + "2019": cweTopTwentyfive2019, + "2020": cweTopTwentyfive2020, + "2021": cweTopTwentyfive2021, +} + +var cweTopTwentyfive2019 = map[string]string{ "119": "1", "79": "2", "20": "3", @@ -29,5 +35,65 @@ var CweTopTwentyfive2019 = map[string]string{ "295": "25", } -// CweTopTwentyfive2019URL has CWE Top25 links -var CweTopTwentyfive2019URL = "https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html" +var cweTopTwentyfive2020 = map[string]string{ + "79": "1", + "787": "2", + "20": "3", + "125": "4", + "119": "5", + "89": "6", + "200": "7", + "416": "8", + "352": "9", + "78": "10", + "190": "11", + "22": "12", + "476": "13", + "287": "14", + "434": "16", + "732": "16", + "94": "17", + "522": "18", + "611": "19", + "798": "20", + "502": "21", + "269": "22", + "400": "23", + "306": "24", + "862": "25", +} + +var cweTopTwentyfive2021 = map[string]string{ + "787": "1", + "79": "2", + "125": "3", + "20": "4", + "78": "5", + "89": "6", + "416": "7", + "22": "8", + "352": "9", + "434": "10", + "306": "11", + "190": "12", + "502": "13", + "287": "14", + "476": "16", + "798": "16", + "119": "17", + "862": "18", + "276": "19", + "200": "20", + "522": "21", + "732": "22", + "611": "23", + "918": "24", + "77": "25", +} + +// CweTopTwentyfiveURLs has CWE Top25 links +var CweTopTwentyfiveURLs = map[string]string{ + "2019": "https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html", + "2020": "https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html", + "2021": "https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html", +} diff --git a/cwe/en.go b/cwe/en.go index 215e2b62..fe3ff97c 100644 --- a/cwe/en.go +++ b/cwe/en.go @@ -9,7 +9,7 @@ type Cwe struct { Lang string `json:"-"` } -// CweDictEn is the Cwe dictionary +// CweDictEn is the Cwe dictionary (https://cwe.mitre.org/data/xml/cwec_latest.xml.zip) var CweDictEn = map[string]Cwe{ "1004": { CweID: "1004", @@ -41,37 +41,58 @@ var CweDictEn = map[string]Cwe{ }, "1022": { CweID: "1022", - Name: "Improper Restriction of Cross-Origin Permission to window.opener.location", - Description: "The web application does not restrict or incorrectly restricts modification of its window opener object's location property by an external application from a different origin.", - ExtendedDescription: "By default, many browsers that open a link to an external application with a target specified as a new window/tab provide cross-origin access to the location property via a window.opener object. This enables the external application to choose a location to redirect the calling web application, e.g. for a phishing attack.", + Name: "Use of Web Link to Untrusted Target with window.opener Access", + Description: "The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.", + ExtendedDescription: `When a user clicks a link to an external site ("target"), the target="_blank" attribute causes the target site's contents to be opened in a new window or tab, which runs in the same process as the original page. The window.opener object records information about the original page that offered the link. If an attacker can run script on the target page, then they could read or modify certain properties of the window.opener object, including the location property - even if the original and target site are not the same origin. An attacker can modify the location property to automatically redirect the user to a malicious site, e.g. as part of a phishing attack. Since this redirect happens in the original window/tab - which is not necessarily visible, since the browser is focusing the display on the new target page - the user might not notice any suspicious redirection.`, Lang: "en", }, "1023": { CweID: "1023", Name: "Incomplete Comparison with Missing Factors", - Description: "The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors. This can lead to resultant weaknesses, e.g. by operating on the wrong object.", - ExtendedDescription: "", + Description: "The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.", + ExtendedDescription: "An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.", Lang: "en", }, "1024": { CweID: "1024", Name: "Comparison of Incompatible Types", Description: "The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared.", - ExtendedDescription: "In languages that are strictly typed but support casting/conversion, such as C or C++, the programmer might assume that casting one entity to the same type as another entity will ensure that the comparison will be performed correctly, but this cannot be guaranteed. In languages that are not strictly typed, such as PHP or JavaScript, there may be implicit casting/conversion to a type that the programmer is unaware of, causing unexpected results; for example, the string '123' might be converted to a number type. See examples.", + ExtendedDescription: `In languages that are strictly typed but support casting/conversion, such as C or C++, the programmer might assume that casting one entity to the same type as another entity will ensure that the comparison will be performed correctly, but this cannot be guaranteed. In languages that are not strictly typed, such as PHP or JavaScript, there may be implicit casting/conversion to a type that the programmer is unaware of, causing unexpected results; for example, the string "123" might be converted to a number type. See examples.`, Lang: "en", }, "1025": { CweID: "1025", Name: "Comparison Using Wrong Factors", - Description: "The software performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.", - ExtendedDescription: "A common example of this weakness occurs when the code inadvertently extracts the reference to an object, instead of its relevant contents.", + Description: "The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.", + ExtendedDescription: `This can lead to incorrect results and resultant weaknesses. For example, the code might inadvertently compare references to objects, instead of the relevant contents of those objects, causing two "equal" objects to be considered unequal.`, Lang: "en", }, "103": { CweID: "103", Name: "Struts: Incomplete validate() Method Definition", Description: "The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().", - ExtendedDescription: "If you do not call super.validate(), the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled for the given form.", + ExtendedDescription: "If the code does not call super.validate(), the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled for the given form.", + Lang: "en", + }, + "1037": { + CweID: "1037", + Name: "Processor Optimization Removal or Modification of Security-critical Code", + Description: "The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.", + ExtendedDescription: "", + Lang: "en", + }, + "1038": { + CweID: "1038", + Name: "Insecure Automated Optimizations", + Description: "The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.", + ExtendedDescription: "", + Lang: "en", + }, + "1039": { + CweID: "1039", + Name: "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations", + Description: "The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.", + ExtendedDescription: "", Lang: "en", }, "104": { @@ -81,6 +102,69 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1041": { + CweID: "1041", + Name: "Use of Redundant Code", + Description: "The software has multiple functions, methods, procedures, macros, etc. that contain the same code.", + ExtendedDescription: "", + Lang: "en", + }, + "1042": { + CweID: "1042", + Name: "Static Member Data Element outside of a Singleton Class Element", + Description: "The code contains a member element that is declared as static (but not final), in which its parent class element is not a singleton class - that is, a class element that can be used only once in the 'to' association of a Create action.", + ExtendedDescription: "", + Lang: "en", + }, + "1043": { + CweID: "1043", + Name: "Data Element Aggregating an Excessively Large Number of Non-Primitive Elements", + Description: "The software uses a data element that has an excessively large number of sub-elements with non-primitive data types such as structures or aggregated objects.", + ExtendedDescription: "", + Lang: "en", + }, + "1044": { + CweID: "1044", + Name: "Architecture with Number of Horizontal Layers Outside of Expected Range", + Description: "The software's architecture contains too many - or too few - horizontal layers.", + ExtendedDescription: "", + Lang: "en", + }, + "1045": { + CweID: "1045", + Name: "Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor", + Description: "A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.", + ExtendedDescription: "", + Lang: "en", + }, + "1046": { + CweID: "1046", + Name: "Creation of Immutable Text Using String Concatenation", + Description: "The software creates an immutable text string using string concatenation operations.", + ExtendedDescription: "", + Lang: "en", + }, + "1047": { + CweID: "1047", + Name: "Modules with Circular Dependencies", + Description: "The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.", + ExtendedDescription: "", + Lang: "en", + }, + "1048": { + CweID: "1048", + Name: "Invokable Control Element with Large Number of Outward Calls", + Description: "The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e. a Fan-Out value that is excessively large.", + ExtendedDescription: "", + Lang: "en", + }, + "1049": { + CweID: "1049", + Name: "Excessive Data Query Operations in a Large Data Table", + Description: "The software performs a data query with a large number of joins and sub-queries on a large data table.", + ExtendedDescription: "", + Lang: "en", + }, "105": { CweID: "105", Name: "Struts: Form Field Without Validator", @@ -88,6 +172,76 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.", Lang: "en", }, + "1050": { + CweID: "1050", + Name: "Excessive Platform Resource Consumption within a Loop", + Description: "The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.", + ExtendedDescription: "", + Lang: "en", + }, + "1051": { + CweID: "1051", + Name: "Initialization with Hard-Coded Network Resource Configuration Data", + Description: "The software initializes data using hard-coded values that act as network resource identifiers.", + ExtendedDescription: "", + Lang: "en", + }, + "1052": { + CweID: "1052", + Name: "Excessive Use of Hard-Coded Literals in Initialization", + Description: "The software initializes a data element using a hard-coded literal that is not a simple integer or static constant element.", + ExtendedDescription: "", + Lang: "en", + }, + "1053": { + CweID: "1053", + Name: "Missing Documentation for Design", + Description: "The product does not have documentation that represents how it is designed.", + ExtendedDescription: "", + Lang: "en", + }, + "1054": { + CweID: "1054", + Name: "Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer", + Description: "The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.", + ExtendedDescription: "", + Lang: "en", + }, + "1055": { + CweID: "1055", + Name: "Multiple Inheritance from Concrete Classes", + Description: "The software contains a class with inheritance from more than one concrete class.", + ExtendedDescription: "", + Lang: "en", + }, + "1056": { + CweID: "1056", + Name: "Invokable Control Element with Variadic Parameters", + Description: "A named-callable or method control element has a signature that supports a variable (variadic) number of parameters or arguments.", + ExtendedDescription: "", + Lang: "en", + }, + "1057": { + CweID: "1057", + Name: "Data Access Operations Outside of Expected Data Manager Component", + Description: "The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.", + ExtendedDescription: "", + Lang: "en", + }, + "1058": { + CweID: "1058", + Name: "Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element", + Description: "The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element.", + ExtendedDescription: "", + Lang: "en", + }, + "1059": { + CweID: "1059", + Name: "Incomplete Documentation", + Description: "The documentation, whether on paper or in electronic form, does not contain descriptions of all the relevant elements of the product, such as its usage, structure, interfaces, design, implementation, configuration, operation, etc.", + ExtendedDescription: "", + Lang: "en", + }, "106": { CweID: "106", Name: "Struts: Plug-in Framework not in Use", @@ -95,6 +249,76 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1060": { + CweID: "1060", + Name: "Excessive Number of Inefficient Server-Side Data Accesses", + Description: "The software performs too many data queries without using efficient data processing functionality such as stored procedures.", + ExtendedDescription: "", + Lang: "en", + }, + "1061": { + CweID: "1061", + Name: "Insufficient Encapsulation", + Description: "The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.", + ExtendedDescription: "", + Lang: "en", + }, + "1062": { + CweID: "1062", + Name: "Parent Class with References to Child Class", + Description: "The code has a parent class that contains references to a child class, its methods, or its members.", + ExtendedDescription: "", + Lang: "en", + }, + "1063": { + CweID: "1063", + Name: "Creation of Class Instance within a Static Code Block", + Description: "A static code block creates an instance of a class.", + ExtendedDescription: "", + Lang: "en", + }, + "1064": { + CweID: "1064", + Name: "Invokable Control Element with Signature Containing an Excessive Number of Parameters", + Description: "The software contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments.", + ExtendedDescription: "", + Lang: "en", + }, + "1065": { + CweID: "1065", + Name: "Runtime Resource Management Control Element in a Component Built to Run on Application Servers", + Description: "The application uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API provided by the application server.", + ExtendedDescription: "", + Lang: "en", + }, + "1066": { + CweID: "1066", + Name: "Missing Serialization Control Element", + Description: "The software contains a serializable data element that does not have an associated serialization method.", + ExtendedDescription: "", + Lang: "en", + }, + "1067": { + CweID: "1067", + Name: "Excessive Execution of Sequential Searches of Data Resource", + Description: "The software contains a data query against an SQL table or view that is configured in a way that does not utilize an index and may cause sequential searches to be performed.", + ExtendedDescription: "", + Lang: "en", + }, + "1068": { + CweID: "1068", + Name: "Inconsistency Between Implementation and Documented Design", + Description: "The implementation of the product is not consistent with the design as described within the relevant documentation.", + ExtendedDescription: "", + Lang: "en", + }, + "1069": { + CweID: "1069", + Name: "Empty Exception Block", + Description: "An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.", + ExtendedDescription: "", + Lang: "en", + }, "107": { CweID: "107", Name: "Struts: Unused Validation Form", @@ -102,6 +326,76 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "It is easy for developers to forget to update validation logic when they remove or rename action form mappings. One indication that validation logic is not being properly maintained is the presence of an unused validation form.", Lang: "en", }, + "1070": { + CweID: "1070", + Name: "Serializable Data Element Containing non-Serializable Item Elements", + Description: "The software contains a serializable, storable data element such as a field or member, but the data element contains member elements that are not serializable.", + ExtendedDescription: "", + Lang: "en", + }, + "1071": { + CweID: "1071", + Name: "Empty Code Block", + Description: "The source code contains a block that does not contain any code, i.e., the block is empty.", + ExtendedDescription: "", + Lang: "en", + }, + "1072": { + CweID: "1072", + Name: "Data Resource Access without Use of Connection Pooling", + Description: "The software accesses a data resource through a database without using a connection pooling capability.", + ExtendedDescription: "", + Lang: "en", + }, + "1073": { + CweID: "1073", + Name: "Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses", + Description: "The software contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.", + ExtendedDescription: "", + Lang: "en", + }, + "1074": { + CweID: "1074", + Name: "Class with Excessively Deep Inheritance", + Description: "A class has an inheritance level that is too high, i.e., it has a large number of parent classes.", + ExtendedDescription: "", + Lang: "en", + }, + "1075": { + CweID: "1075", + Name: "Unconditional Control Flow Transfer outside of Switch Block", + Description: `The software performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block.`, + ExtendedDescription: "", + Lang: "en", + }, + "1076": { + CweID: "1076", + Name: "Insufficient Adherence to Expected Conventions", + Description: "The product's architecture, source code, design, documentation, or other artifact does not follow required conventions.", + ExtendedDescription: "", + Lang: "en", + }, + "1077": { + CweID: "1077", + Name: "Floating Point Comparison with Incorrect Operator", + Description: "The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.", + ExtendedDescription: "", + Lang: "en", + }, + "1078": { + CweID: "1078", + Name: "Inappropriate Source Code Style or Formatting", + Description: "The source code does not follow desired style or formatting for indentation, white space, comments, etc.", + ExtendedDescription: "", + Lang: "en", + }, + "1079": { + CweID: "1079", + Name: "Parent Class without Virtual Destructor Method", + Description: "A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.", + ExtendedDescription: "", + Lang: "en", + }, "108": { CweID: "108", Name: "Struts: Unvalidated Action Form", @@ -109,6 +403,69 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.", Lang: "en", }, + "1080": { + CweID: "1080", + Name: "Source Code File with Excessive Number of Lines of Code", + Description: "A source code file has too many lines of code.", + ExtendedDescription: "", + Lang: "en", + }, + "1082": { + CweID: "1082", + Name: "Class Instance Self Destruction Control Element", + Description: "The code contains a class instance that calls the method or function to delete or destroy itself.", + ExtendedDescription: "", + Lang: "en", + }, + "1083": { + CweID: "1083", + Name: "Data Access from Outside Expected Data Manager Component", + Description: "The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.", + ExtendedDescription: "", + Lang: "en", + }, + "1084": { + CweID: "1084", + Name: "Invokable Control Element with Excessive File or Data Access Operations", + Description: "A function or method contains too many operations that utilize a data manager or file resource.", + ExtendedDescription: "", + Lang: "en", + }, + "1085": { + CweID: "1085", + Name: "Invokable Control Element with Excessive Volume of Commented-out Code", + Description: "A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.", + ExtendedDescription: "", + Lang: "en", + }, + "1086": { + CweID: "1086", + Name: "Class with Excessive Number of Child Classes", + Description: "A class contains an unnecessarily large number of children.", + ExtendedDescription: "", + Lang: "en", + }, + "1087": { + CweID: "1087", + Name: "Class with Virtual Method without a Virtual Destructor", + Description: "A class contains a virtual method, but the method does not have an associated virtual destructor.", + ExtendedDescription: "", + Lang: "en", + }, + "1088": { + CweID: "1088", + Name: "Synchronous Access of Remote Resource without Timeout", + Description: "The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.", + ExtendedDescription: "", + Lang: "en", + }, + "1089": { + CweID: "1089", + Name: "Large Data Table with Excessive Number of Indices", + Description: "The software uses a large data table that contains an excessively large number of indices.", + ExtendedDescription: "", + Lang: "en", + }, "109": { CweID: "109", Name: "Struts: Validator Turned Off", @@ -116,6 +473,76 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1090": { + CweID: "1090", + Name: "Method Containing Access of a Member Element from Another Class", + Description: "A method for a class performs an operation that directly accesses a member element from another class.", + ExtendedDescription: "", + Lang: "en", + }, + "1091": { + CweID: "1091", + Name: "Use of Object without Invoking Destructor Method", + Description: "The software contains a method that accesses an object but does not later invoke the element's associated finalize/destructor method.", + ExtendedDescription: "", + Lang: "en", + }, + "1092": { + CweID: "1092", + Name: "Use of Same Invokable Control Element in Multiple Architectural Layers", + Description: "The software uses the same control element across multiple architectural layers.", + ExtendedDescription: "", + Lang: "en", + }, + "1093": { + CweID: "1093", + Name: "Excessively Complex Data Representation", + Description: "The software uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures.", + ExtendedDescription: "", + Lang: "en", + }, + "1094": { + CweID: "1094", + Name: "Excessive Index Range Scan for a Data Resource", + Description: "The software contains an index range scan for a large data table, but the scan can cover a large number of rows.", + ExtendedDescription: "", + Lang: "en", + }, + "1095": { + CweID: "1095", + Name: "Loop Condition Value Update within the Loop", + Description: "The software uses a loop with a control flow condition based on a value that is updated within the body of the loop.", + ExtendedDescription: "", + Lang: "en", + }, + "1096": { + CweID: "1096", + Name: "Singleton Class Instance Creation without Proper Locking or Synchronization", + Description: "The software implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.", + ExtendedDescription: "", + Lang: "en", + }, + "1097": { + CweID: "1097", + Name: "Persistent Storable Data Element without Associated Comparison Control Element", + Description: "The software uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison.", + ExtendedDescription: "", + Lang: "en", + }, + "1098": { + CweID: "1098", + Name: "Data Element containing Pointer Item without Proper Copy Control Element", + Description: "The code contains a data element with a pointer that does not have an associated copy or constructor method.", + ExtendedDescription: "", + Lang: "en", + }, + "1099": { + CweID: "1099", + Name: "Inconsistent Naming Conventions for Identifiers", + Description: "The product's code, documentation, or other artifacts do not consistently use the same naming conventions for variables, callables, groups of related callables, I/O capabilities, data types, file names, or similar types of elements.", + ExtendedDescription: "", + Lang: "en", + }, "11": { CweID: "11", Name: "ASP.NET Misconfiguration: Creating Debug Binary", @@ -130,11 +557,151 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1100": { + CweID: "1100", + Name: "Insufficient Isolation of System-Dependent Functions", + Description: "The product or code does not isolate system-dependent functionality into separate standalone modules.", + ExtendedDescription: "", + Lang: "en", + }, + "1101": { + CweID: "1101", + Name: "Reliance on Runtime Component in Generated Code", + Description: "The product uses automatically-generated code that cannot be executed without a specific runtime support component.", + ExtendedDescription: "", + Lang: "en", + }, + "1102": { + CweID: "1102", + Name: "Reliance on Machine-Dependent Data Representation", + Description: "The code uses a data representation that relies on low-level data representation or constructs that may vary across different processors, physical machines, OSes, or other physical components.", + ExtendedDescription: "", + Lang: "en", + }, + "1103": { + CweID: "1103", + Name: "Use of Platform-Dependent Third Party Components", + Description: "The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms.", + ExtendedDescription: "", + Lang: "en", + }, + "1104": { + CweID: "1104", + Name: "Use of Unmaintained Third Party Components", + Description: "The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.", + ExtendedDescription: "", + Lang: "en", + }, + "1105": { + CweID: "1105", + Name: "Insufficient Encapsulation of Machine-Dependent Functionality", + Description: "The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the code.", + ExtendedDescription: "", + Lang: "en", + }, + "1106": { + CweID: "1106", + Name: "Insufficient Use of Symbolic Constants", + Description: "The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants.", + ExtendedDescription: "", + Lang: "en", + }, + "1107": { + CweID: "1107", + Name: "Insufficient Isolation of Symbolic Constant Definitions", + Description: "The source code uses symbolic constants, but it does not sufficiently place the definitions of these constants into a more centralized or isolated location.", + ExtendedDescription: "", + Lang: "en", + }, + "1108": { + CweID: "1108", + Name: "Excessive Reliance on Global Variables", + Description: "The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.", + ExtendedDescription: "", + Lang: "en", + }, + "1109": { + CweID: "1109", + Name: "Use of Same Variable for Multiple Purposes", + Description: "The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than one instance of data.", + ExtendedDescription: "", + Lang: "en", + }, "111": { CweID: "111", Name: "Direct Use of Unsafe JNI", Description: "When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.", - ExtendedDescription: "Many safety features that programmers may take for granted simply do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.", + ExtendedDescription: "Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.", + Lang: "en", + }, + "1110": { + CweID: "1110", + Name: "Incomplete Design Documentation", + Description: "The product's design documentation does not adequately describe control flow, data flow, system initialization, relationships between tasks, components, rationales, or other important aspects of the design.", + ExtendedDescription: "", + Lang: "en", + }, + "1111": { + CweID: "1111", + Name: "Incomplete I/O Documentation", + Description: "The product's documentation does not adequately define inputs, outputs, or system/software interfaces.", + ExtendedDescription: "", + Lang: "en", + }, + "1112": { + CweID: "1112", + Name: "Incomplete Documentation of Program Execution", + Description: "The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed.", + ExtendedDescription: "", + Lang: "en", + }, + "1113": { + CweID: "1113", + Name: "Inappropriate Comment Style", + Description: "The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product.", + ExtendedDescription: "", + Lang: "en", + }, + "1114": { + CweID: "1114", + Name: "Inappropriate Whitespace Style", + Description: "The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product.", + ExtendedDescription: "", + Lang: "en", + }, + "1115": { + CweID: "1115", + Name: "Source Code Element without Standard Prologue", + Description: "The source code contains elements such as source files that do not consistently provide a prologue or header that has been standardized for the project.", + ExtendedDescription: "", + Lang: "en", + }, + "1116": { + CweID: "1116", + Name: "Inaccurate Comments", + Description: "The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.", + ExtendedDescription: "", + Lang: "en", + }, + "1117": { + CweID: "1117", + Name: "Callable with Insufficient Behavioral Summary", + Description: "The code contains a function or method whose signature and/or associated inline documentation does not sufficiently describe the callable's inputs, outputs, side effects, assumptions, or return codes.", + ExtendedDescription: "", + Lang: "en", + }, + "1118": { + CweID: "1118", + Name: "Insufficient Documentation of Error Handling Techniques", + Description: "The documentation does not sufficiently describe the techniques that are used for error handling, exception processing, or similar mechanisms.", + ExtendedDescription: "", + Lang: "en", + }, + "1119": { + CweID: "1119", + Name: "Excessive Use of Unconditional Branching", + Description: `The code uses too many unconditional branches (such as "goto").`, + ExtendedDescription: "", Lang: "en", }, "112": { @@ -144,6 +711,62 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.", Lang: "en", }, + "1120": { + CweID: "1120", + Name: "Excessive Code Complexity", + Description: "The code is too complex, as calculated using a well-defined, quantitative measure.", + ExtendedDescription: "", + Lang: "en", + }, + "1121": { + CweID: "1121", + Name: "Excessive McCabe Cyclomatic Complexity", + Description: "The code contains McCabe cyclomatic complexity that exceeds a desirable maximum.", + ExtendedDescription: "", + Lang: "en", + }, + "1122": { + CweID: "1122", + Name: "Excessive Halstead Complexity", + Description: "The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum.", + ExtendedDescription: "", + Lang: "en", + }, + "1123": { + CweID: "1123", + Name: "Excessive Use of Self-Modifying Code", + Description: "The product uses too much self-modifying code.", + ExtendedDescription: "", + Lang: "en", + }, + "1124": { + CweID: "1124", + Name: "Excessively Deep Nesting", + Description: "The code contains a callable or other code grouping in which the nesting / branching is too deep.", + ExtendedDescription: "", + Lang: "en", + }, + "1125": { + CweID: "1125", + Name: "Excessive Attack Surface", + Description: "The product has an attack surface whose quantitative measurement exceeds a desirable maximum.", + ExtendedDescription: "", + Lang: "en", + }, + "1126": { + CweID: "1126", + Name: "Declaration of Variable with Unnecessarily Wide Scope", + Description: "The source code declares a variable in one scope, but the variable is only used within a narrower scope.", + ExtendedDescription: "", + Lang: "en", + }, + "1127": { + CweID: "1127", + Name: "Compilation with Insufficient Warnings or Errors", + Description: "The code is compiled without sufficient warnings enabled, which may prevent the detection of subtle bugs or quality issues.", + ExtendedDescription: "", + Lang: "en", + }, "113": { CweID: "113", Name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", @@ -172,6 +795,13 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1164": { + CweID: "1164", + Name: "Irrelevant Code", + Description: "The program contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness.", + ExtendedDescription: "", + Lang: "en", + }, "117": { CweID: "117", Name: "Improper Output Neutralization for Logs", @@ -179,6 +809,34 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1173": { + CweID: "1173", + Name: "Improper Use of Validation Framework", + Description: "The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.", + ExtendedDescription: "Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria and direct execution to error handlers when invalid input is received. The improper use (i.e., an incorrect implementation or missing altogether) of these frameworks is not directly exploitable, but can lead to an exploitable condition if proper input validation is not performed later in the application. Not using provided input validation frameworks can also hurt the maintainability of code as future developers may not recognize the downstream input validation being used in the place of the validation framework.", + Lang: "en", + }, + "1174": { + CweID: "1174", + Name: "ASP.NET Misconfiguration: Improper Model Validation", + Description: "The ASP.NET application does not use, or incorrectly uses, the model validation framework.", + ExtendedDescription: "", + Lang: "en", + }, + "1176": { + CweID: "1176", + Name: "Inefficient CPU Computation", + Description: "The program performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.", + ExtendedDescription: "", + Lang: "en", + }, + "1177": { + CweID: "1177", + Name: "Use of Prohibited Code", + Description: "The software uses a function, library, or third party component that has been explicitly prohibited, whether by the developer or the customer.", + ExtendedDescription: "", + Lang: "en", + }, "118": { CweID: "118", Name: "Incorrect Access of Indexable Resource ('Range Error')", @@ -186,6 +844,27 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1187": { + CweID: "1187", + Name: "DEPRECATED: Use of Uninitialized Resource", + Description: "This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.", + ExtendedDescription: "", + Lang: "en", + }, + "1188": { + CweID: "1188", + Name: "Insecure Default Initialization of Resource", + Description: "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.", + ExtendedDescription: "", + Lang: "en", + }, + "1189": { + CweID: "1189", + Name: "Improper Isolation of Shared Resources on System-on-a-Chip (SoC)", + Description: "The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.", + ExtendedDescription: "", + Lang: "en", + }, "119": { CweID: "119", Name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", @@ -193,6 +872,34 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1190": { + CweID: "1190", + Name: "DMA Device Enabled Too Early in Boot Phase", + Description: "The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.", + ExtendedDescription: "", + Lang: "en", + }, + "1191": { + CweID: "1191", + Name: "On-Chip Debug and Test Interface With Improper Access Control", + Description: "The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.", + ExtendedDescription: "", + Lang: "en", + }, + "1192": { + CweID: "1192", + Name: "System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers", + Description: "The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.", + ExtendedDescription: "", + Lang: "en", + }, + "1193": { + CweID: "1193", + Name: "Power-On of Untrusted Execution Core Before Enabling Fabric Access Control", + Description: "The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.", + ExtendedDescription: "", + Lang: "en", + }, "12": { CweID: "12", Name: "ASP.NET Misconfiguration: Missing Custom Error Page", @@ -204,7 +911,21 @@ var CweDictEn = map[string]Cwe{ CweID: "120", Name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", Description: "The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.", - ExtendedDescription: "A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the 'classic' case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.", + ExtendedDescription: `A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the "classic" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.`, + Lang: "en", + }, + "1204": { + CweID: "1204", + Name: "Generation of Weak Initialization Vector (IV)", + Description: "The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.", + ExtendedDescription: "By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or unpredictability of an IV. Primitives may vary in how important these properties are. If these properties are not maintained, e.g. by a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.", + Lang: "en", + }, + "1209": { + CweID: "1209", + Name: "Failure to Disable Reserved Bits", + Description: "The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.", + ExtendedDescription: "", Lang: "en", }, "121": { @@ -221,6 +942,48 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1220": { + CweID: "1220", + Name: "Insufficient Granularity of Access Control", + Description: "The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.", + ExtendedDescription: "", + Lang: "en", + }, + "1221": { + CweID: "1221", + Name: "Incorrect Register Defaults or Module Parameters", + Description: "Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values.", + ExtendedDescription: "", + Lang: "en", + }, + "1222": { + CweID: "1222", + Name: "Insufficient Granularity of Address Regions Protected by Register Locks", + Description: "The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.", + ExtendedDescription: "", + Lang: "en", + }, + "1223": { + CweID: "1223", + Name: "Race Condition for Write-Once Attributes", + Description: "A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.", + ExtendedDescription: "", + Lang: "en", + }, + "1224": { + CweID: "1224", + Name: "Improper Restriction of Write-Once Bit Fields", + Description: `The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.`, + ExtendedDescription: "", + Lang: "en", + }, + "1229": { + CweID: "1229", + Name: "Creation of Emergent Resource", + Description: "The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy.", + ExtendedDescription: "", + Lang: "en", + }, "123": { CweID: "123", Name: "Write-what-where Condition", @@ -228,6 +991,62 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1230": { + CweID: "1230", + Name: "Exposure of Sensitive Information Through Metadata", + Description: "The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.", + ExtendedDescription: "", + Lang: "en", + }, + "1231": { + CweID: "1231", + Name: "Improper Prevention of Lock Bit Modification", + Description: "The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.", + ExtendedDescription: "", + Lang: "en", + }, + "1232": { + CweID: "1232", + Name: "Improper Lock Behavior After Power State Transition", + Description: "Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.", + ExtendedDescription: "", + Lang: "en", + }, + "1233": { + CweID: "1233", + Name: "Security-Sensitive Hardware Controls with Missing Lock Bit Protection", + Description: "The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.", + ExtendedDescription: "", + Lang: "en", + }, + "1234": { + CweID: "1234", + Name: "Hardware Internal or Debug Modes Allow Override of Locks", + Description: "System configuration protection may be bypassed during debug mode.", + ExtendedDescription: "", + Lang: "en", + }, + "1235": { + CweID: "1235", + Name: "Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations", + Description: "The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations.", + ExtendedDescription: "", + Lang: "en", + }, + "1236": { + CweID: "1236", + Name: "Improper Neutralization of Formula Elements in a CSV File", + Description: "The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.", + ExtendedDescription: "User-provided data is often saved to traditional databases. This data can be exported to a CSV file, which allows users to read the data using spreadsheet software such as Excel, Numbers, or Calc. This software interprets entries beginning with '=' as formulas, which are then executed by the spreadsheet software. The software's formula language often allows methods to access hyperlinks or the local command line, and frequently allows enough characters to invoke an entire script. Attackers can populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software.", + Lang: "en", + }, + "1239": { + CweID: "1239", + Name: "Improper Zeroization of Hardware Register", + Description: "The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes.", + ExtendedDescription: "Hardware logic operates on data stored in registers local to the hardware block. Most hardware IPs, including cryptographic accelerators, rely on registers to buffer I/O, store intermediate values, and interface with software. The result of this is that sensitive information, such as passwords or encryption keys, can exist in locations not transparent to the user of the hardware logic. When a different entity obtains access to the IP due to a change in operating mode or conditions, the new entity can extract information belonging to the previous user if no mechanisms are in place to clear register contents. It is important to clear information stored in the hardware if a physical attack on the product is detected, or if the user of the hardware block changes. The process of clearing register contents in a hardware IP is referred to as zeroization in standards for cryptographic hardware modules such as FIPS-140-2 [REF-267].", + Lang: "en", + }, "124": { CweID: "124", Name: "Buffer Underwrite ('Buffer Underflow')", @@ -235,11 +1054,151 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.", Lang: "en", }, + "1240": { + CweID: "1240", + Name: "Use of a Cryptographic Primitive with a Risky Implementation", + Description: "To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.", + ExtendedDescription: "", + Lang: "en", + }, + "1241": { + CweID: "1241", + Name: "Use of Predictable Algorithm in Random Number Generator", + Description: "The device uses an algorithm that is predictable and generates a pseudo-random number.", + ExtendedDescription: "", + Lang: "en", + }, + "1242": { + CweID: "1242", + Name: "Inclusion of Undocumented Features or Chicken Bits", + Description: "The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.", + ExtendedDescription: "", + Lang: "en", + }, + "1243": { + CweID: "1243", + Name: "Sensitive Non-Volatile Information Not Protected During Debug", + Description: "Access to security-sensitive information stored in fuses is not limited during debug.", + ExtendedDescription: "", + Lang: "en", + }, + "1244": { + CweID: "1244", + Name: "Internal Asset Exposed to Unsafe Debug Access Level or State", + Description: "The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.", + ExtendedDescription: "", + Lang: "en", + }, + "1245": { + CweID: "1245", + Name: "Improper Finite State Machines (FSMs) in Hardware Logic", + Description: "Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.", + ExtendedDescription: "", + Lang: "en", + }, + "1246": { + CweID: "1246", + Name: "Improper Write Handling in Limited-write Non-Volatile Memories", + Description: "The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.", + ExtendedDescription: "", + Lang: "en", + }, + "1247": { + CweID: "1247", + Name: "Improper Protection Against Voltage and Clock Glitches", + Description: "The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.", + ExtendedDescription: "", + Lang: "en", + }, + "1248": { + CweID: "1248", + Name: "Semiconductor Defects in Hardware Logic with Security-Sensitive Implications", + Description: "The security-sensitive hardware module contains semiconductor defects.", + ExtendedDescription: "", + Lang: "en", + }, + "1249": { + CweID: "1249", + Name: "Application-Level Admin Tool with Inconsistent View of Underlying Operating System", + Description: "The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.", + ExtendedDescription: "", + Lang: "en", + }, "125": { CweID: "125", Name: "Out-of-bounds Read", Description: "The software reads data past the end, or before the beginning, of the intended buffer.", - ExtendedDescription: "This typically occurs when the pointer or its index is incremented or decremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in corruption of sensitive information, a crash, or code execution among other things.", + ExtendedDescription: "Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.", + Lang: "en", + }, + "1250": { + CweID: "1250", + Name: "Improper Preservation of Consistency Between Independent Representations of Shared State", + Description: "The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.", + ExtendedDescription: "", + Lang: "en", + }, + "1251": { + CweID: "1251", + Name: "Mirrored Regions with Different Values", + Description: "The product's architecture mirrors regions without ensuring that their contents always stay in sync.", + ExtendedDescription: "", + Lang: "en", + }, + "1252": { + CweID: "1252", + Name: "CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations", + Description: "The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.", + ExtendedDescription: "", + Lang: "en", + }, + "1253": { + CweID: "1253", + Name: "Incorrect Selection of Fuse Values", + Description: "The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.", + ExtendedDescription: "", + Lang: "en", + }, + "1254": { + CweID: "1254", + Name: "Incorrect Comparison Logic Granularity", + Description: "The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.", + ExtendedDescription: "", + Lang: "en", + }, + "1255": { + CweID: "1255", + Name: "Comparison Logic is Vulnerable to Power Side-Channel Attacks", + Description: "A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.", + ExtendedDescription: "", + Lang: "en", + }, + "1256": { + CweID: "1256", + Name: "Improper Restriction of Software Interfaces to Hardware Features", + Description: "The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.", + ExtendedDescription: "", + Lang: "en", + }, + "1257": { + CweID: "1257", + Name: "Improper Access Control Applied to Mirrored or Aliased Memory Regions", + Description: "Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.", + ExtendedDescription: "", + Lang: "en", + }, + "1258": { + CweID: "1258", + Name: "Exposure of Sensitive System Information Due to Uncleared Debug Information", + Description: "The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.", + ExtendedDescription: "", + Lang: "en", + }, + "1259": { + CweID: "1259", + Name: "Improper Restriction of Security Token Assignment", + Description: "The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.", + ExtendedDescription: "Systems-On-A-Chip (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify which actions originated from which agent. These actions may be one of the directives: 'read', 'write', 'program', 'reset', 'fetch', 'compute', etc. Security Tokens are assigned to every agent in the System that is capable of generating an action or receiving an action from another agent. Multiple Security Tokens may be assigned to an agent and may be unique based on the agent's trust level or allowed privileges. Since the Security Tokens are integral for the maintenance of security in an SoC, they need to be protected properly. A common weakness afflicting Security Tokens is improperly restricting the assignment to trusted components. Consequently, an improperly protected Security Token may be able to be programmed by a malicious agent (i.e., the Security Token is mutable) to spoof the action as if it originated from a trusted agent.", Lang: "en", }, "126": { @@ -249,6 +1208,76 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.", Lang: "en", }, + "1260": { + CweID: "1260", + Name: "Improper Handling of Overlap Between Protected Memory Ranges", + Description: "The product allows address regions to overlap, which can result in the bypassing of intended memory protection.", + ExtendedDescription: "", + Lang: "en", + }, + "1261": { + CweID: "1261", + Name: "Improper Handling of Single Event Upsets", + Description: "The hardware logic does not effectively handle when single-event upsets (SEUs) occur.", + ExtendedDescription: "", + Lang: "en", + }, + "1262": { + CweID: "1262", + Name: "Improper Access Control for Register Interface", + Description: "The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.", + ExtendedDescription: "", + Lang: "en", + }, + "1263": { + CweID: "1263", + Name: "Improper Physical Access Control", + Description: "The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.", + ExtendedDescription: "Sections of a product intended to have restricted access may be inadvertently or intentionally rendered accessible when the implemented physical protections are insufficient. The specific requirements around how robust the design of the physical protection mechanism needs to be depends on the type of product being protected. Selecting the correct physical protection mechanism and properly enforcing it through implementation and manufacturing are critical to the overall physical security of the product.", + Lang: "en", + }, + "1264": { + CweID: "1264", + Name: "Hardware Logic with Insecure De-Synchronization between Control and Data Channels", + Description: "The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.", + ExtendedDescription: "", + Lang: "en", + }, + "1265": { + CweID: "1265", + Name: "Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls", + Description: "During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code.", + ExtendedDescription: "In complex software, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently of concern in software that executes script from untrusted sources. Examples of such software are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.", + Lang: "en", + }, + "1266": { + CweID: "1266", + Name: "Improper Scrubbing of Sensitive Data from Decommissioned Device", + Description: "The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect.", + ExtendedDescription: "", + Lang: "en", + }, + "1267": { + CweID: "1267", + Name: "Policy Uses Obsolete Encoding", + Description: "The product uses an obsolete encoding mechanism to implement access controls.", + ExtendedDescription: "", + Lang: "en", + }, + "1268": { + CweID: "1268", + Name: "Policy Privileges are not Assigned Consistently Between Control and Data Agents", + Description: "The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.", + ExtendedDescription: "", + Lang: "en", + }, + "1269": { + CweID: "1269", + Name: "Product Released in Non-Release Configuration", + Description: "The product released to market is released in pre-production or manufacturing configuration.", + ExtendedDescription: "", + Lang: "en", + }, "127": { CweID: "127", Name: "Buffer Under-read", @@ -256,10 +1285,150 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.", Lang: "en", }, + "1270": { + CweID: "1270", + Name: "Generation of Incorrect Security Tokens", + Description: "The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.", + ExtendedDescription: "", + Lang: "en", + }, + "1271": { + CweID: "1271", + Name: "Uninitialized Value on Reset for Registers Holding Security Settings", + Description: "Security-critical logic is not set to a known value on reset.", + ExtendedDescription: "", + Lang: "en", + }, + "1272": { + CweID: "1272", + Name: "Sensitive Information Uncleared Before Debug/Power State Transition", + Description: "The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.", + ExtendedDescription: "", + Lang: "en", + }, + "1273": { + CweID: "1273", + Name: "Device Unlock Credential Sharing", + Description: "The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.", + ExtendedDescription: "", + Lang: "en", + }, + "1274": { + CweID: "1274", + Name: "Improper Access Control for Volatile Memory Containing Boot Code", + Description: "The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.", + ExtendedDescription: "", + Lang: "en", + }, + "1275": { + CweID: "1275", + Name: "Sensitive Cookie with Improper SameSite Attribute", + Description: "The SameSite attribute for sensitive cookies is not set, or an insecure value is used.", + ExtendedDescription: "The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: 'Lax', 'Strict', or 'None'. If the 'None' value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).", + Lang: "en", + }, + "1276": { + CweID: "1276", + Name: "Hardware Child Block Incorrectly Connected to Parent System", + Description: "Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.", + ExtendedDescription: "", + Lang: "en", + }, + "1277": { + CweID: "1277", + Name: "Firmware Not Updateable", + Description: "The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.", + ExtendedDescription: "Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.", + Lang: "en", + }, + "1278": { + CweID: "1278", + Name: "Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques", + Description: "Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.", + ExtendedDescription: "", + Lang: "en", + }, + "1279": { + CweID: "1279", + Name: "Cryptographic Operations are run Before Supporting Units are Ready", + Description: "Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.", + ExtendedDescription: "Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.", + Lang: "en", + }, "128": { CweID: "128", Name: "Wrap-around Error", - Description: "Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore 'wraps around' to a very small, negative, or undefined value.", + Description: `Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.`, + ExtendedDescription: "", + Lang: "en", + }, + "1280": { + CweID: "1280", + Name: "Access Control Check Implemented After Asset is Accessed", + Description: "A product's hardware-based access control check occurs after the asset has been accessed.", + ExtendedDescription: "", + Lang: "en", + }, + "1281": { + CweID: "1281", + Name: "Sequence of Processor Instructions Leads to Unexpected Behavior", + Description: "Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.", + ExtendedDescription: "", + Lang: "en", + }, + "1282": { + CweID: "1282", + Name: "Assumed-Immutable Data is Stored in Writable Memory", + Description: `Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.`, + ExtendedDescription: "", + Lang: "en", + }, + "1283": { + CweID: "1283", + Name: "Mutable Attestation or Measurement Reporting Data", + Description: "The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.", + ExtendedDescription: "", + Lang: "en", + }, + "1284": { + CweID: "1284", + Name: "Improper Validation of Specified Quantity in Input", + Description: "The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.", + ExtendedDescription: "", + Lang: "en", + }, + "1285": { + CweID: "1285", + Name: "Improper Validation of Specified Index, Position, or Offset in Input", + Description: "The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.", + ExtendedDescription: "", + Lang: "en", + }, + "1286": { + CweID: "1286", + Name: "Improper Validation of Syntactic Correctness of Input", + Description: "The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.", + ExtendedDescription: "", + Lang: "en", + }, + "1287": { + CweID: "1287", + Name: "Improper Validation of Specified Type of Input", + Description: "The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.", + ExtendedDescription: "", + Lang: "en", + }, + "1288": { + CweID: "1288", + Name: "Improper Validation of Consistency within Input", + Description: "The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.", + ExtendedDescription: "", + Lang: "en", + }, + "1289": { + CweID: "1289", + Name: "Improper Validation of Unsafe Equivalence in Input", + Description: "The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.", ExtendedDescription: "", Lang: "en", }, @@ -270,6 +1439,76 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1290": { + CweID: "1290", + Name: "Incorrect Decoding of Security Identifiers ", + Description: "The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.", + ExtendedDescription: "", + Lang: "en", + }, + "1291": { + CweID: "1291", + Name: "Public Key Re-Use for Signing both Debug and Production Code", + Description: "The same public key is used for signing both debug and production code.", + ExtendedDescription: "", + Lang: "en", + }, + "1292": { + CweID: "1292", + Name: "Incorrect Conversion of Security Identifiers", + Description: "The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.", + ExtendedDescription: "", + Lang: "en", + }, + "1293": { + CweID: "1293", + Name: "Missing Source Correlation of Multiple Independent Data", + Description: "The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.", + ExtendedDescription: "", + Lang: "en", + }, + "1294": { + CweID: "1294", + Name: "Insecure Security Identifier Mechanism", + Description: "The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.", + ExtendedDescription: "", + Lang: "en", + }, + "1295": { + CweID: "1295", + Name: "Debug Messages Revealing Unnecessary Information", + Description: "The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.", + ExtendedDescription: "", + Lang: "en", + }, + "1296": { + CweID: "1296", + Name: "Incorrect Chaining or Granularity of Debug Components", + Description: "The product's debug components contain incorrect chaining or granularity of debug components.", + ExtendedDescription: "", + Lang: "en", + }, + "1297": { + CweID: "1297", + Name: "Unprotected Confidential Information on Device is Accessible by OSAT Vendors", + Description: "The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.", + ExtendedDescription: "", + Lang: "en", + }, + "1298": { + CweID: "1298", + Name: "Hardware Logic Contains Race Conditions", + Description: "A race condition in the hardware logic results in undermining security guarantees of the system.", + ExtendedDescription: "", + Lang: "en", + }, + "1299": { + CweID: "1299", + Name: "Missing Protection Mechanism for Alternate Hardware Interface", + Description: "The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.", + ExtendedDescription: "", + Lang: "en", + }, "13": { CweID: "13", Name: "ASP.NET Misconfiguration: Password in Configuration File", @@ -284,6 +1523,41 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.", Lang: "en", }, + "1300": { + CweID: "1300", + Name: "Improper Protection of Physical Side Channels", + Description: "The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.", + ExtendedDescription: "", + Lang: "en", + }, + "1301": { + CweID: "1301", + Name: "Insufficient or Incomplete Data Removal within Hardware Component", + Description: "The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.", + ExtendedDescription: "", + Lang: "en", + }, + "1302": { + CweID: "1302", + Name: "Missing Security Identifier", + Description: "The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.", + ExtendedDescription: "", + Lang: "en", + }, + "1303": { + CweID: "1303", + Name: "Non-Transparent Sharing of Microarchitectural Resources", + Description: "Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.", + ExtendedDescription: "", + Lang: "en", + }, + "1304": { + CweID: "1304", + Name: "Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation", + Description: "The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.", + ExtendedDescription: "", + Lang: "en", + }, "131": { CweID: "131", Name: "Incorrect Calculation of Buffer Size", @@ -291,13 +1565,216 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1310": { + CweID: "1310", + Name: "Missing Ability to Patch ROM Code", + Description: "Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.", + ExtendedDescription: "", + Lang: "en", + }, + "1311": { + CweID: "1311", + Name: "Improper Translation of Security Attributes by Fabric Bridge", + Description: "The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.", + ExtendedDescription: "", + Lang: "en", + }, + "1312": { + CweID: "1312", + Name: "Missing Protection for Mirrored Regions in On-Chip Fabric Firewall", + Description: "The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.", + ExtendedDescription: "", + Lang: "en", + }, + "1313": { + CweID: "1313", + Name: "Hardware Allows Activation of Test or Debug Logic at Runtime", + Description: "During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.", + ExtendedDescription: "", + Lang: "en", + }, + "1314": { + CweID: "1314", + Name: "Missing Write Protection for Parametric Data Values", + Description: "The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.", + ExtendedDescription: "", + Lang: "en", + }, + "1315": { + CweID: "1315", + Name: "Improper Setting of Bus Controlling Capability in Fabric End-point", + Description: "The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.", + ExtendedDescription: "", + Lang: "en", + }, + "1316": { + CweID: "1316", + Name: "Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges", + Description: "The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.", + ExtendedDescription: "", + Lang: "en", + }, + "1317": { + CweID: "1317", + Name: "Missing Security Checks in Fabric Bridge", + Description: "A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master. Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge.", + ExtendedDescription: "", + Lang: "en", + }, + "1318": { + CweID: "1318", + Name: "Missing Support for Security Features in On-chip Fabrics or Buses", + Description: "On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.", + ExtendedDescription: "", + Lang: "en", + }, + "1319": { + CweID: "1319", + Name: "Improper Protection against Electromagnetic Fault Injection (EM-FI)", + Description: "The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.", + ExtendedDescription: "", + Lang: "en", + }, "132": { CweID: "132", - Name: "DEPRECATED (Duplicate): Miscalculated Null Termination", + Name: "DEPRECATED: Miscalculated Null Termination", Description: "This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.", ExtendedDescription: "", Lang: "en", }, + "1320": { + CweID: "1320", + Name: "Improper Protection for Out of Bounds Signal Level Alerts", + Description: "Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.", + ExtendedDescription: "", + Lang: "en", + }, + "1321": { + CweID: "1321", + Name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", + Description: "The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.", + ExtendedDescription: "", + Lang: "en", + }, + "1322": { + CweID: "1322", + Name: "Use of Blocking Code in Single-threaded, Non-blocking Context", + Description: "The product uses a non-blocking model that relies on a single threaded process for features such as scalability, but it contains code that can block when it is invoked.", + ExtendedDescription: "", + Lang: "en", + }, + "1323": { + CweID: "1323", + Name: "Improper Management of Sensitive Trace Data", + Description: "Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.", + ExtendedDescription: "", + Lang: "en", + }, + "1324": { + CweID: "1324", + Name: "Sensitive Information Accessible by Physical Probing of JTAG Interface", + Description: "Sensitive information in clear text on the JTAG interface may be examined by an eavesdropper, e.g. by placing a probe device on the interface such as a logic analyzer, or a corresponding software technique.", + ExtendedDescription: "", + Lang: "en", + }, + "1325": { + CweID: "1325", + Name: "Improperly Controlled Sequential Memory Allocation", + Description: "The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.", + ExtendedDescription: "", + Lang: "en", + }, + "1326": { + CweID: "1326", + Name: "Missing Immutable Root of Trust in Hardware", + Description: "A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.", + ExtendedDescription: "", + Lang: "en", + }, + "1327": { + CweID: "1327", + Name: "Binding to an Unrestricted IP Address", + Description: "The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.", + ExtendedDescription: "", + Lang: "en", + }, + "1328": { + CweID: "1328", + Name: "Security Version Number Mutable to Older Versions", + Description: "Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.", + ExtendedDescription: "", + Lang: "en", + }, + "1329": { + CweID: "1329", + Name: "Reliance on Component That is Not Updateable", + Description: "The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.", + ExtendedDescription: "", + Lang: "en", + }, + "1330": { + CweID: "1330", + Name: "Remanent Data Readable after Memory Erase", + Description: "Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.", + ExtendedDescription: "", + Lang: "en", + }, + "1331": { + CweID: "1331", + Name: "Improper Isolation of Shared Resources in Network On Chip (NoC)", + Description: "The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.", + ExtendedDescription: "", + Lang: "en", + }, + "1332": { + CweID: "1332", + Name: "Improper Handling of Faults that Lead to Instruction Skips", + Description: "The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.", + ExtendedDescription: "", + Lang: "en", + }, + "1333": { + CweID: "1333", + Name: "Inefficient Regular Expression Complexity", + Description: "The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.", + ExtendedDescription: `Some regular expression engines have a feature called "backtracking". If the token cannot match, the engine "backtracks" to a position that may result in a different token that can match. Backtracking becomes a weakness if all of these conditions are met:`, + Lang: "en", + }, + "1334": { + CweID: "1334", + Name: "Unauthorized Error Injection Can Degrade Hardware Redundancy", + Description: "An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.", + ExtendedDescription: "", + Lang: "en", + }, + "1335": { + CweID: "1335", + Name: "Incorrect Bitwise Shift of Integer", + Description: "An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.", + ExtendedDescription: "", + Lang: "en", + }, + "1336": { + CweID: "1336", + Name: "Improper Neutralization of Special Elements Used in a Template Engine", + Description: "The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.", + ExtendedDescription: "", + Lang: "en", + }, + "1338": { + CweID: "1338", + Name: "Improper Protections Against Hardware Overheating", + Description: "A hardware device is missing or has inadequate protection features to prevent overheating.", + ExtendedDescription: "", + Lang: "en", + }, + "1339": { + CweID: "1339", + Name: "Insufficient Precision or Accuracy of a Real Number", + Description: "The program processes a real number with an implementation in which the number’s representation does not preserve required accuracy and precision in its fractional part, causing an incorrect result.", + ExtendedDescription: "", + Lang: "en", + }, "134": { CweID: "134", Name: "Use of Externally-Controlled Format String", @@ -305,6 +1782,20 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1341": { + CweID: "1341", + Name: "Multiple Releases of Same Resource or Handle", + Description: "The product attempts to close or release a resource or handle more than once, without an intervening successful open.", + ExtendedDescription: "", + Lang: "en", + }, + "1342": { + CweID: "1342", + Name: "Information Exposure through Microarchitectural State after Transient Execution", + Description: "The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.", + ExtendedDescription: "", + Lang: "en", + }, "135": { CweID: "135", Name: "Incorrect Calculation of Multi-Byte String Length", @@ -312,17 +1803,24 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1351": { + CweID: "1351", + Name: "Improper Handling of Hardware Behavior in Exceptionally Cold Environments", + Description: "A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures.", + ExtendedDescription: "", + Lang: "en", + }, "138": { CweID: "138", Name: "Improper Neutralization of Special Elements", Description: "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.", - ExtendedDescription: "Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol < ('less than') as meaning 'read input from a file'.", + ExtendedDescription: `Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol < ("less than") as meaning "read input from a file".`, Lang: "en", }, "14": { CweID: "14", Name: "Compiler Removal of Code to Clear Buffers", - Description: "Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka 'dead store removal.'", + Description: `Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."`, ExtendedDescription: "", Lang: "en", }, @@ -379,13 +1877,13 @@ var CweDictEn = map[string]Cwe{ CweID: "147", Name: "Improper Neutralization of Input Terminators", Description: "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.", - ExtendedDescription: "For example, a '.' in SMTP signifies the end of mail message data, whereas a null character can be used for the end of a string.", + ExtendedDescription: `For example, a "." in SMTP signifies the end of mail message data, whereas a null character can be used for the end of a string.`, Lang: "en", }, "148": { CweID: "148", Name: "Improper Neutralization of Input Leaders", - Description: "The application does not properly handle when a leading character or sequence ('leader') is missing or malformed, or if multiple leaders are used when only one should be allowed.", + Description: `The application does not properly handle when a leading character or sequence ("leader") is missing or malformed, or if multiple leaders are used when only one should be allowed.`, ExtendedDescription: "", Lang: "en", }, @@ -435,7 +1933,7 @@ var CweDictEn = map[string]Cwe{ CweID: "154", Name: "Improper Neutralization of Variable Name Delimiters", Description: "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component.", - ExtendedDescription: "As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack. Example: '$' for an environment variable.", + ExtendedDescription: `As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack. Example: "$" for an environment variable.`, Lang: "en", }, "155": { @@ -468,8 +1966,8 @@ var CweDictEn = map[string]Cwe{ }, "159": { CweID: "159", - Name: "Failure to Sanitize Special Element", - Description: "Weaknesses in this attack-focused category do not properly filter and interpret special elements in user-controlled input which could cause adverse effect on the software behavior and integrity.", + Name: "Improper Handling of Invalid Use of Special Elements", + Description: "The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.", ExtendedDescription: "", Lang: "en", }, @@ -525,14 +2023,14 @@ var CweDictEn = map[string]Cwe{ "167": { CweID: "167", Name: "Improper Handling of Additional Special Element", - Description: "The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is missing.", + Description: "The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.", ExtendedDescription: "", Lang: "en", }, "168": { CweID: "168", Name: "Improper Handling of Inconsistent Special Elements", - Description: "The software does not handle when an inconsistency exists between two or more special characters or reserved words.", + Description: "The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.", ExtendedDescription: "An example of this problem would be if paired characters appear in the wrong order, or if the special characters are not properly nested.", Lang: "en", }, @@ -616,22 +2114,22 @@ var CweDictEn = map[string]Cwe{ "182": { CweID: "182", Name: "Collapse of Data into Unsafe Value", - Description: "The software filters data in a way that causes it to be reduced or 'collapsed' into an unsafe value that violates an expected security property.", + Description: `The software filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.`, ExtendedDescription: "", Lang: "en", }, "183": { CweID: "183", - Name: "Permissive Whitelist", - Description: "An application uses a 'whitelist' of acceptable values, but the whitelist includes at least one unsafe value, leading to resultant weaknesses.", + Name: "Permissive List of Allowed Inputs", + Description: "The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.", ExtendedDescription: "", Lang: "en", }, "184": { CweID: "184", - Name: "Incomplete Blacklist", - Description: "An application uses a 'blacklist' of prohibited values, but the blacklist is incomplete.", - ExtendedDescription: "If an incomplete blacklist is used as a security mechanism, then the software may allow unintended values to pass into the application logic.", + Name: "Incomplete List of Disallowed Inputs", + Description: "The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.", + ExtendedDescription: "Developers often try to protect their products against malicious input by performing tests against inputs that are known to be bad, such as special characters that can invoke new commands. However, such lists often only account for the most well-known bad inputs. Attackers may be able to find other malicious inputs that were not expected by the developer, allowing them to bypass the intended protection mechanism.", Lang: "en", }, "185": { @@ -645,12 +2143,12 @@ var CweDictEn = map[string]Cwe{ CweID: "186", Name: "Overly Restrictive Regular Expression", Description: "A regular expression is overly restrictive, which prevents dangerous values from being detected.", - ExtendedDescription: "", + ExtendedDescription: `This weakness is not about regular expression complexity. Rather, it is about a regular expression that does not match all values that are intended. Consider the use of a regexp to identify acceptable values or to spot unwanted terms. An overly restrictive regexp misses some potentially security-relevant values leading to either false positives *or* false negatives, depending on how the regexp is being used within the code. Consider the expression /[0-8]/ where the intention was /[0-9]/. This expression is not "complex" but the value "9" is not matched when maybe the programmer planned to check for it.`, Lang: "en", }, "187": { CweID: "187", - Name: "Partial Comparison", + Name: "Partial String Comparison", Description: "The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.", ExtendedDescription: "For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.", Lang: "en", @@ -728,148 +2226,148 @@ var CweDictEn = map[string]Cwe{ "20": { CweID: "20", Name: "Improper Input Validation", - Description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", - ExtendedDescription: "When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.", + Description: "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.", + ExtendedDescription: "", Lang: "en", }, "200": { CweID: "200", - Name: "Information Exposure", - Description: "An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.", + Name: "Exposure of Sensitive Information to an Unauthorized Actor", + Description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", ExtendedDescription: "", Lang: "en", }, "201": { CweID: "201", - Name: "Information Exposure Through Sent Data", - Description: "The accidental exposure of sensitive information through sent data refers to the transmission of data which are either sensitive in and of itself or useful in the further exploitation of the system through standard data channels.", - ExtendedDescription: "", + Name: "Insertion of Sensitive Information Into Sent Data", + Description: "The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.", + ExtendedDescription: "Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).", Lang: "en", }, "202": { CweID: "202", - Name: "Exposure of Sensitive Data Through Data Queries", + Name: "Exposure of Sensitive Information Through Data Queries", Description: "When trying to keep information confidential, an attacker can often infer some of the information by using statistics.", - ExtendedDescription: "In situations where data should not be tied to individual users, but a large number of users should be able to make queries that 'scrub' the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.", + ExtendedDescription: `In situations where data should not be tied to individual users, but a large number of users should be able to make queries that "scrub" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.`, Lang: "en", }, "203": { CweID: "203", - Name: "Information Exposure Through Discrepancy", - Description: "The product behaves differently or sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.", - ExtendedDescription: "", + Name: "Observable Discrepancy", + Description: "The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.", + ExtendedDescription: "Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product's operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.", Lang: "en", }, "204": { CweID: "204", - Name: "Response Discrepancy Information Exposure", - Description: "The software provides different responses to incoming requests in a way that allows an actor to determine system state information that is outside of that actor's control sphere.", + Name: "Observable Response Discrepancy", + Description: "The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.", ExtendedDescription: "This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).", Lang: "en", }, "205": { CweID: "205", - Name: "Information Exposure Through Behavioral Discrepancy", - Description: "The product's actions indicate important differences based on (1) the internal state of the product or (2) differences from other products in the same class.", - ExtendedDescription: "For example, attacks such as OS fingerprinting rely heavily on both behavioral and response discrepancies.", + Name: "Observable Behavioral Discrepancy", + Description: "The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.", + ExtendedDescription: "Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.", Lang: "en", }, "206": { CweID: "206", - Name: "Information Exposure of Internal State Through Behavioral Inconsistency", - Description: "Two separate operations in a product cause the product to behave differently in a way that is observable to an attacker and reveals security-relevant information about the internal state of the product, such as whether a particular operation was successful or not.", - ExtendedDescription: "", + Name: "Observable Internal Behavioral Discrepancy", + Description: "The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allows attackers to reveal internal state or internal decision points.", + ExtendedDescription: "Ideally, a product should provide as little information as possible to an attacker. Any hints that the attacker may be making progress can then be used to simplify or optimize the attack. For example, in a login procedure that requires a username and password, ultimately there is only one decision: success or failure. However, internally, two separate actions are performed: determining if the username exists, and checking if the password is correct. If the product behaves differently based on whether the username exists or not, then the attacker only needs to concentrate on the password.", Lang: "en", }, "207": { CweID: "207", - Name: "Information Exposure Through an External Behavioral Inconsistency", - Description: "The product behaves differently than other products like it, in a way that is observable to an attacker and exposes security-relevant information about which product is being used.", - ExtendedDescription: "", + Name: "Observable Behavioral Discrepancy With Equivalent Products", + Description: "The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.", + ExtendedDescription: `For many kinds of products, multiple products may be available that perform the same functionality, such as a web server, network interface, or intrusion detection system. Attackers often perform "fingerprinting," which uses discrepancies in order to identify which specific product is in use. Once the specific product has been identified, the attacks can be made more customized and efficient. Often, an organization might intentionally allow the specific product to be identifiable. However, in some environments, the ability to identify a distinct product is unacceptable, and it is expected that every product would behave in exactly the same way. In these more restricted environments, a behavioral difference might pose an unacceptable risk if it makes it easier to identify the product's vendor, model, configuration, version, etc.`, Lang: "en", }, "208": { CweID: "208", - Name: "Information Exposure Through Timing Discrepancy", + Name: "Observable Timing Discrepancy", Description: "Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.", - ExtendedDescription: "", + ExtendedDescription: "In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.", Lang: "en", }, "209": { CweID: "209", - Name: "Information Exposure Through an Error Message", + Name: "Generation of Error Message Containing Sensitive Information", Description: "The software generates an error message that includes sensitive information about its environment, users, or associated data.", - ExtendedDescription: "The sensitive information may be valuable information on its own (such as a password), or it may be useful for launching other, more deadly attacks. If an attack fails, an attacker may use error information provided by the server to launch another more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of '..' sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query.", + ExtendedDescription: "", Lang: "en", }, "210": { CweID: "210", - Name: "Information Exposure Through Self-generated Error Message", + Name: "Self-generated Error Message Containing Sensitive Information", Description: "The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.", ExtendedDescription: "", Lang: "en", }, "211": { CweID: "211", - Name: "Information Exposure Through Externally-Generated Error Message", - Description: "The software performs an operation that triggers an external diagnostic or error message that is not directly generated by the software, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.", + Name: "Externally-Generated Error Message Containing Sensitive Information", + Description: "The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.", ExtendedDescription: "", Lang: "en", }, "212": { CweID: "212", - Name: "Improper Cross-boundary Removal of Sensitive Data", - Description: "The software uses a resource that contains sensitive data, but it does not properly remove that data before it stores, transfers, or shares the resource with actors in another control sphere.", + Name: "Improper Removal of Sensitive Information Before Storage or Transfer", + Description: "The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.", ExtendedDescription: "", Lang: "en", }, "213": { CweID: "213", - Name: "Intentional Information Exposure", - Description: "A product's design or configuration explicitly requires the publication of information that could be regarded as sensitive by an administrator.", + Name: "Exposure of Sensitive Information Due to Incompatible Policies", + Description: "The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.", ExtendedDescription: "", Lang: "en", }, "214": { CweID: "214", - Name: "Information Exposure Through Process Environment", - Description: "A process is invoked with sensitive arguments, environment variables, or other elements that can be seen by other processes on the operating system.", - ExtendedDescription: "Many operating systems allow a user to list information about processes that are owned by other users. This information could include command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.", + Name: "Invocation of Process Using Visible Sensitive Information", + Description: "A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.", + ExtendedDescription: "Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.", Lang: "en", }, "215": { CweID: "215", - Name: "Information Exposure Through Debug Information", - Description: "The application contains debugging code that can expose sensitive information to untrusted parties.", - ExtendedDescription: "", + Name: "Insertion of Sensitive Information Into Debugging Code", + Description: "The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.", + ExtendedDescription: "When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the application is operating in a production environment, then this sensitive information may be exposed to attackers.", Lang: "en", }, "216": { CweID: "216", - Name: "Containment Errors (Container Errors)", - Description: "This tries to cover various problems in which improper data are included within a 'container.'", + Name: "DEPRECATED: Containment Errors (Container Errors)", + Description: `This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.`, ExtendedDescription: "", Lang: "en", }, "217": { CweID: "217", Name: "DEPRECATED: Failure to Protect Stored Data from Modification", - Description: "This weakness has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this weakness can be found at CWE-766 and CWE-767.", + Description: "This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and CWE-767.", ExtendedDescription: "", Lang: "en", }, "218": { CweID: "218", - Name: "DEPRECATED (Duplicate): Failure to provide confidentiality for stored data", + Name: "DEPRECATED: Failure to provide confidentiality for stored data", Description: "This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.", ExtendedDescription: "", Lang: "en", }, "219": { CweID: "219", - Name: "Sensitive Data Under Web Root", + Name: "Storage of File with Sensitive Data Under Web Root", Description: "The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.", - ExtendedDescription: "", + ExtendedDescription: "Besides public-facing web pages and code, applications may store sensitive data, code that is not directly invoked, or other files under the web document root of the web server. If the server is not configured or otherwise used to prevent direct access to those files, then attackers may obtain this sensitive data.", Lang: "en", }, "22": { @@ -881,8 +2379,8 @@ var CweDictEn = map[string]Cwe{ }, "220": { CweID: "220", - Name: "Sensitive Data Under FTP Root", - Description: "The application stores sensitive data under the FTP document root with insufficient access control, which might make it accessible to untrusted parties.", + Name: "Storage of File With Sensitive Data Under FTP Root", + Description: "The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.", ExtendedDescription: "", Lang: "en", }, @@ -916,16 +2414,16 @@ var CweDictEn = map[string]Cwe{ }, "225": { CweID: "225", - Name: "DEPRECATED (Duplicate): General Information Management Problems", + Name: "DEPRECATED: General Information Management Problems", Description: "This weakness can be found at CWE-199.", ExtendedDescription: "", Lang: "en", }, "226": { CweID: "226", - Name: "Sensitive Information Uncleared Before Release", - Description: "The software does not fully clear previously used information in a data structure, file, or other resource, before making that resource available to a party in another control sphere.", - ExtendedDescription: "This typically results from new data that is not as long as the old data, which leaves portions of the old data still available. Equivalent errors can occur in other situations where the length of data is variable but the associated data structure is not. If memory is not cleared after use, it may allow unintended actors to read the data when the memory is reallocated.", + Name: "Sensitive Information in Resource Not Removed Before Reuse", + Description: `The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.`, + ExtendedDescription: "", Lang: "en", }, "228": { @@ -945,7 +2443,7 @@ var CweDictEn = map[string]Cwe{ "23": { CweID: "23", Name: "Relative Path Traversal", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as '..' that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.`, ExtendedDescription: "This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.", Lang: "en", }, @@ -1022,7 +2520,7 @@ var CweDictEn = map[string]Cwe{ "24": { CweID: "24", Name: "Path Traversal: '../filedir'", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '../' sequences that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.`, ExtendedDescription: "", Lang: "en", }, @@ -1058,7 +2556,7 @@ var CweDictEn = map[string]Cwe{ CweID: "244", Name: "Improper Clearing of Heap Memory Before Release ('Heap Inspection')", Description: "Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.", - ExtendedDescription: "When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a 'heap inspection' attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.", + ExtendedDescription: `When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a "heap inspection" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.`, Lang: "en", }, "245": { @@ -1077,7 +2575,7 @@ var CweDictEn = map[string]Cwe{ }, "247": { CweID: "247", - Name: "DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision", + Name: "DEPRECATED: Reliance on DNS Lookups in a Security Decision", Description: "This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.", ExtendedDescription: "", Lang: "en", @@ -1092,14 +2590,14 @@ var CweDictEn = map[string]Cwe{ "249": { CweID: "249", Name: "DEPRECATED: Often Misused: Path Manipulation", - Description: "This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.", + Description: `This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785. This entry was deprecated for several reasons. The primary reason is over-loading of the "path manipulation" term and the description. The original description for this entry was the same as that for the "Often Misused: File System" item in the original Seven Pernicious Kingdoms paper. However, Seven Pernicious Kingdoms also has a "Path Manipulation" phrase that is for external control of pathnames (CWE-73), which is a factor in symbolic link following and path traversal, neither of which is explicitly mentioned in 7PK. Fortify uses the phrase "Often Misused: Path Manipulation" for a broader range of problems, generally for issues related to buffer management. Given the multiple conflicting uses of this term, there is a chance that CWE users may have incorrectly mapped to this entry. The second reason for deprecation is an implied combination of multiple weaknesses within buffer-handling functions. The focus of this entry was generally on the path-conversion functions and their association with buffer overflows. However, some of Fortify's Vulncat entries have the term "path manipulation" but describe a non-overflow weakness in which the buffer is not guaranteed to contain the entire pathname, i.e., there is information truncation (see CWE-222 for a similar concept). A new entry for this non-overflow weakness may be created in a future version of CWE.`, ExtendedDescription: "", Lang: "en", }, "25": { CweID: "25", Name: "Path Traversal: '/../filedir'", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '/../' sequences that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.`, ExtendedDescription: "", Lang: "en", }, @@ -1114,7 +2612,7 @@ var CweDictEn = map[string]Cwe{ CweID: "252", Name: "Unchecked Return Value", Description: "The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.", - ExtendedDescription: "Two common programmer assumptions are 'this function call can never fail' and 'it doesn't matter if this function call fails'. If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the software is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.", + ExtendedDescription: `Two common programmer assumptions are "this function call can never fail" and "it doesn't matter if this function call fails". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the software is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.`, Lang: "en", }, "253": { @@ -1128,7 +2626,7 @@ var CweDictEn = map[string]Cwe{ CweID: "256", Name: "Plaintext Storage of a Password", Description: "Storing a password in plaintext may result in a system compromise.", - ExtendedDescription: "Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource.", + ExtendedDescription: "Password management issues occur when a password is stored in plaintext in an application's properties, configuration file, or memory. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.", Lang: "en", }, "257": { @@ -1155,7 +2653,7 @@ var CweDictEn = map[string]Cwe{ "26": { CweID: "26", Name: "Path Traversal: '/dir/../filename'", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '/dir/../filename' sequences that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.`, ExtendedDescription: "", Lang: "en", }, @@ -1168,16 +2666,16 @@ var CweDictEn = map[string]Cwe{ }, "261": { CweID: "261", - Name: "Weak Cryptography for Passwords", + Name: "Weak Encoding for Password", Description: "Obscuring a password with a trivial encoding does not protect the password.", - ExtendedDescription: "", + ExtendedDescription: "Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.", Lang: "en", }, "262": { CweID: "262", Name: "Not Using Password Aging", Description: "If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.", - ExtendedDescription: "", + ExtendedDescription: "Security experts have often recommended that users change their passwords regularly and avoid reusing passwords. Although this can be an effective mitigation, if the expiration window is too short, it can cause users to generate poor or predictable passwords. As such, it is important to discourage creating similar passwords. It is also useful to have a password aging mechanism that notifies users when passwords are considered old and requests that they replace them with new, strong passwords. Companion documentation which stresses how important this practice is can help users understand and better support this approach.", Lang: "en", }, "263": { @@ -1218,7 +2716,7 @@ var CweDictEn = map[string]Cwe{ "27": { CweID: "27", Name: "Path Traversal: 'dir/../../filename'", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal '../' sequences that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.`, ExtendedDescription: "", Lang: "en", }, @@ -1260,7 +2758,7 @@ var CweDictEn = map[string]Cwe{ "276": { CweID: "276", Name: "Incorrect Default Permissions", - Description: "The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.", + Description: "During installation, installed file permissions are set to allow anyone to modify those files.", ExtendedDescription: "", Lang: "en", }, @@ -1288,13 +2786,13 @@ var CweDictEn = map[string]Cwe{ "28": { CweID: "28", Name: "Path Traversal: '..\\filedir'", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '..\\' sequences that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\\" sequences that can resolve to a location that is outside of that directory.`, ExtendedDescription: "", Lang: "en", }, "280": { CweID: "280", - Name: "Improper Handling of Insufficient Permissions or Privileges", + Name: "Improper Handling of Insufficient Permissions or Privileges ", Description: "The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.", ExtendedDescription: "", Lang: "en", @@ -1385,7 +2883,7 @@ var CweDictEn = map[string]Cwe{ }, "292": { CweID: "292", - Name: "DEPRECATED (Duplicate): Trusting Self-reported DNS Name", + Name: "DEPRECATED: Trusting Self-reported DNS Name", Description: "This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.", ExtendedDescription: "", Lang: "en", @@ -1408,7 +2906,7 @@ var CweDictEn = map[string]Cwe{ CweID: "295", Name: "Improper Certificate Validation", Description: "The software does not validate, or incorrectly validates, a certificate.", - ExtendedDescription: "When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.", + ExtendedDescription: "When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.", Lang: "en", }, "296": { @@ -1448,7 +2946,7 @@ var CweDictEn = map[string]Cwe{ }, "300": { CweID: "300", - Name: "Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", + Name: "Channel Accessible by Non-Endpoint", Description: "The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.", ExtendedDescription: "In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.", Lang: "en", @@ -1457,7 +2955,7 @@ var CweDictEn = map[string]Cwe{ CweID: "301", Name: "Reflection Attack in an Authentication Protocol", Description: "Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.", - ExtendedDescription: "A mutual authentication protocol requires each party to respond to a random challenge by the other party by encrypting it with a pre-shared key. Often, however, such protocols employ the same pre-shared key for communication with a number of different entities. A malicious user or an attacker can easily compromise this protocol without possessing the correct key by employing a reflection attack on the protocol.", + ExtendedDescription: "", Lang: "en", }, "302": { @@ -1583,7 +3081,7 @@ var CweDictEn = map[string]Cwe{ CweID: "319", Name: "Cleartext Transmission of Sensitive Information", Description: "The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.", - ExtendedDescription: "Many communication channels can be 'sniffed' by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.", + ExtendedDescription: `Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.`, Lang: "en", }, "32": { @@ -1604,7 +3102,7 @@ var CweDictEn = map[string]Cwe{ CweID: "322", Name: "Key Exchange without Entity Authentication", Description: "The software performs a key exchange with an actor without verifying the identity of that actor.", - ExtendedDescription: "Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable a set of 'man-in-the-middle' attacks. Typically, this involves a victim client that contacts a malicious server that is impersonating a trusted server. If the client skips authentication or ignores an authentication failure, the malicious server may request authentication information from the user. The malicious server can then use this authentication information to log in to the trusted server using the victim's credentials, sniff traffic between the victim and trusted server, etc.", + ExtendedDescription: "Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate an actor by modifying traffic between the two entities. Typically, this involves a victim client that contacts a malicious server that is impersonating a trusted server. If the client skips authentication or ignores an authentication failure, the malicious server may request authentication information from the user. The malicious server can then use this authentication information to log in to the trusted server using the victim's credentials, sniff traffic between the victim and trusted server, etc.", Lang: "en", }, "323": { @@ -1623,9 +3121,9 @@ var CweDictEn = map[string]Cwe{ }, "325": { CweID: "325", - Name: "Missing Required Cryptographic Step", - Description: "The software does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by that algorithm.", - ExtendedDescription: "Cryptographic implementations should follow the algorithms that define them exactly, otherwise encryption can be weaker than expected.", + Name: "Missing Cryptographic Step", + Description: "The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.", + ExtendedDescription: "", Lang: "en", }, "326": { @@ -1644,15 +3142,15 @@ var CweDictEn = map[string]Cwe{ }, "328": { CweID: "328", - Name: "Reversible One-Way Hash", - Description: "The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques.", - ExtendedDescription: "This weakness is especially dangerous when the hash is used in security algorithms that require the one-way property to hold. For example, if an authentication system takes an incoming password and generates a hash, then compares the hash to another hash that it has stored in its authentication database, then the ability to create a collision could allow an attacker to provide an alternate password that produces the same target hash, bypassing authentication.", + Name: "Use of Weak Hash", + Description: "The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).", + ExtendedDescription: "", Lang: "en", }, "329": { CweID: "329", - Name: "Not Using a Random IV with CBC Mode", - Description: "Not using a random initialization Vector (IV) with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.", + Name: "Generation of Predictable IV with CBC Mode", + Description: "The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.", ExtendedDescription: "", Lang: "en", }, @@ -1666,7 +3164,7 @@ var CweDictEn = map[string]Cwe{ "330": { CweID: "330", Name: "Use of Insufficiently Random Values", - Description: "The software may use insufficiently random numbers or values in a security context that depends on unpredictable numbers.", + Description: "The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.", ExtendedDescription: "When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.", Lang: "en", }, @@ -1701,7 +3199,7 @@ var CweDictEn = map[string]Cwe{ "335": { CweID: "335", Name: "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)", - Description: "The software uses a Pseudo-Random Number Generator (PRNG) that does not correctly manage seeds.", + Description: "The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.", ExtendedDescription: "", Lang: "en", }, @@ -1709,14 +3207,14 @@ var CweDictEn = map[string]Cwe{ CweID: "336", Name: "Same Seed in Pseudo-Random Number Generator (PRNG)", Description: "A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.", - ExtendedDescription: "If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.", + ExtendedDescription: "Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.", Lang: "en", }, "337": { CweID: "337", Name: "Predictable Seed in Pseudo-Random Number Generator (PRNG)", Description: "A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.", - ExtendedDescription: "The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numnbers will be generated by the PRNG.", + ExtendedDescription: "The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.", Lang: "en", }, "338": { @@ -1729,8 +3227,8 @@ var CweDictEn = map[string]Cwe{ "339": { CweID: "339", Name: "Small Seed Space in PRNG", - Description: "A PRNG uses a relatively small space of seeds.", - ExtendedDescription: "", + Description: "A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.", + ExtendedDescription: "PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.", Lang: "en", }, "34": { @@ -1742,8 +3240,8 @@ var CweDictEn = map[string]Cwe{ }, "340": { CweID: "340", - Name: "Predictability Problems", - Description: "Weaknesses in this category are related to schemes that generate numbers or identifiers that are more predictable than required by the application.", + Name: "Generation of Predictable Numbers or Identifiers", + Description: "The product uses a scheme that generates numbers or identifiers that are more predictable than required.", ExtendedDescription: "", Lang: "en", }, @@ -1842,13 +3340,13 @@ var CweDictEn = map[string]Cwe{ CweID: "353", Name: "Missing Support for Integrity Check", Description: "The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.", - ExtendedDescription: "If integrity check values or 'checksums' are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.", + ExtendedDescription: `If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.`, Lang: "en", }, "354": { CweID: "354", Name: "Improper Validation of Integrity Check Value", - Description: "The software does not validate or incorrectly validates the integrity check values or 'checksums' of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.", + Description: `The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.`, ExtendedDescription: "Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.", Lang: "en", }, @@ -1875,15 +3373,15 @@ var CweDictEn = map[string]Cwe{ }, "359": { CweID: "359", - Name: "Exposure of Private Information ('Privacy Violation')", - Description: "The software does not properly prevent private data (such as credit card numbers) from being accessed by actors who either (1) are not explicitly authorized to access the data or (2) do not have the implicit consent of the people to which the data is related.", + Name: "Exposure of Private Personal Information to an Unauthorized Actor", + Description: "The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.", ExtendedDescription: "", Lang: "en", }, "36": { CweID: "36", Name: "Absolute Path Traversal", - Description: "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory.", + Description: `The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.`, ExtendedDescription: "This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.", Lang: "en", }, @@ -1919,7 +3417,7 @@ var CweDictEn = map[string]Cwe{ CweID: "365", Name: "Race Condition in Switch", Description: "The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.", - ExtendedDescription: "This issue is particularly important in the case of switch statements that involve fall-through style case statements - ie., those which do not end with break. If the variable being tested by the switch changes in the course of execution, this could change the intended logic of the switch so much that it places the process in a contradictory state and in some cases could even result in memory corruption.", + ExtendedDescription: "This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break. If the variable being tested by the switch changes in the course of execution, this could change the intended logic of the switch so much that it places the process in a contradictory state and in some cases could even result in memory corruption.", Lang: "en", }, "366": { @@ -2008,7 +3506,7 @@ var CweDictEn = map[string]Cwe{ }, "379": { CweID: "379", - Name: "Creation of Temporary File in Directory with Incorrect Permissions", + Name: "Creation of Temporary File in Directory with Insecure Permissions", Description: "The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.", ExtendedDescription: "On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.", Lang: "en", @@ -2072,7 +3570,7 @@ var CweDictEn = map[string]Cwe{ "391": { CweID: "391", Name: "Unchecked Error Condition", - Description: "Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.", + Description: "[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.", ExtendedDescription: "", Lang: "en", }, @@ -2108,7 +3606,7 @@ var CweDictEn = map[string]Cwe{ CweID: "396", Name: "Declaration of Catch for Generic Exception", Description: "Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.", - ExtendedDescription: "Multiple catch blocks can get ugly and repetitive, but 'condensing' catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of Java's typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.", + ExtendedDescription: `Multiple catch blocks can get ugly and repetitive, but "condensing" catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of Java's typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.`, Lang: "en", }, "397": { @@ -2127,16 +3625,16 @@ var CweDictEn = map[string]Cwe{ }, "400": { CweID: "400", - Name: "Uncontrolled Resource Consumption ('Resource Exhaustion')", - Description: "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.", + Name: "Uncontrolled Resource Consumption", + Description: "The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.", ExtendedDescription: "", Lang: "en", }, "401": { CweID: "401", - Name: "Improper Release of Memory Before Removing Last Reference ('Memory Leak')", + Name: "Missing Release of Memory after Effective Lifetime", Description: "The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.", - ExtendedDescription: "This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions.", + ExtendedDescription: "This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.", Lang: "en", }, "402": { @@ -2176,7 +3674,7 @@ var CweDictEn = map[string]Cwe{ }, "407": { CweID: "407", - Name: "Algorithmic Complexity", + Name: "Inefficient Algorithmic Complexity", Description: "An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.", ExtendedDescription: "", Lang: "en", @@ -2192,7 +3690,7 @@ var CweDictEn = map[string]Cwe{ CweID: "409", Name: "Improper Handling of Highly Compressed Data (Data Amplification)", Description: "The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.", - ExtendedDescription: "An example of data amplification is a 'decompression bomb,' a small ZIP file that can produce a large amount of data when it is decompressed.", + ExtendedDescription: `An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.`, Lang: "en", }, "41": { @@ -2206,7 +3704,7 @@ var CweDictEn = map[string]Cwe{ CweID: "410", Name: "Insufficient Resource Pool", Description: "The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.", - ExtendedDescription: "Frequently the consequence is a 'flood' of connection or sessions.", + ExtendedDescription: `Frequently the consequence is a "flood" of connection or sessions.`, Lang: "en", }, "412": { @@ -2281,7 +3779,7 @@ var CweDictEn = map[string]Cwe{ }, "423": { CweID: "423", - Name: "DEPRECATED (Duplicate): Proxied Trusted Channel", + Name: "DEPRECATED: Proxied Trusted Channel", Description: "This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441.", ExtendedDescription: "", Lang: "en", @@ -2318,7 +3816,7 @@ var CweDictEn = map[string]Cwe{ CweID: "428", Name: "Unquoted Search Path or Element", Description: "The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.", - ExtendedDescription: "If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as 'C:\\Program.exe' to be run by a privileged program making use of WinExec.", + ExtendedDescription: `If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\\Program.exe" to be run by a privileged program making use of WinExec.`, Lang: "en", }, "43": { @@ -2331,8 +3829,8 @@ var CweDictEn = map[string]Cwe{ "430": { CweID: "430", Name: "Deployment of Wrong Handler", - Description: "The wrong 'handler' is assigned to process an object.", - ExtendedDescription: "An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically 'determining' type of the object even if it is contradictory to an explicitly specified type.", + Description: `The wrong "handler" is assigned to process an object.`, + ExtendedDescription: `An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically "determining" type of the object even if it is contradictory to an explicitly specified type.`, Lang: "en", }, "431": { @@ -2353,7 +3851,7 @@ var CweDictEn = map[string]Cwe{ CweID: "433", Name: "Unparsed Raw Web Content Delivery", Description: "The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.", - ExtendedDescription: "If code is stored in a file with an extension such as '.inc' or '.pl', and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.", + ExtendedDescription: `If code is stored in a file with an extension such as ".inc" or ".pl", and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.`, Lang: "en", }, "434": { @@ -2365,9 +3863,9 @@ var CweDictEn = map[string]Cwe{ }, "435": { CweID: "435", - Name: "Improper Interaction Between Multiple Entities", - Description: "An interaction error occurs when two entities work correctly when running independently, but they interact in unexpected ways when they are run together.", - ExtendedDescription: "This could apply to products, systems, components, etc.", + Name: "Improper Interaction Between Multiple Correctly-Behaving Entities", + Description: "An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.", + ExtendedDescription: "When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.", Lang: "en", }, "436": { @@ -2401,20 +3899,20 @@ var CweDictEn = map[string]Cwe{ "440": { CweID: "440", Name: "Expected Behavior Violation", - Description: "A feature, API, or function being used by a product behaves differently than the product expects.", + Description: "A feature, API, or function does not perform according to its specification.", ExtendedDescription: "", Lang: "en", }, "441": { CweID: "441", Name: "Unintended Proxy or Intermediary ('Confused Deputy')", - Description: "The software receives a request, message, or directive from an upstream component, but the software does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the software's control sphere. This causes the software to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.", + Description: "The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.", ExtendedDescription: "", Lang: "en", }, "443": { CweID: "443", - Name: "DEPRECATED (Duplicate): HTTP response splitting", + Name: "DEPRECATED: HTTP response splitting", Description: "This weakness can be found at CWE-113.", ExtendedDescription: "", Lang: "en", @@ -2422,7 +3920,7 @@ var CweDictEn = map[string]Cwe{ "444": { CweID: "444", Name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", - Description: "When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to 'smuggle' a request to one device without the other device being aware of it.", + Description: `When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.`, ExtendedDescription: "", Lang: "en", }, @@ -2430,7 +3928,7 @@ var CweDictEn = map[string]Cwe{ CweID: "446", Name: "UI Discrepancy for Security Feature", Description: "The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.", - ExtendedDescription: "When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a 'restrict ALL'' access control rule, but the software only implements 'restrict SOME'.", + ExtendedDescription: `When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a "restrict ALL'" access control rule, but the software only implements "restrict SOME".`, Lang: "en", }, "447": { @@ -2520,7 +4018,7 @@ var CweDictEn = map[string]Cwe{ "459": { CweID: "459", Name: "Incomplete Cleanup", - Description: "The software does not properly 'clean up' and remove temporary or supporting resources after they have been used.", + Description: `The software does not properly "clean up" and remove temporary or supporting resources after they have been used.`, ExtendedDescription: "", Lang: "en", }, @@ -2729,9 +4227,9 @@ var CweDictEn = map[string]Cwe{ }, "489": { CweID: "489", - Name: "Leftover Debug Code", - Description: "The application can be deployed with active debugging code that can create unintended entry points.", - ExtendedDescription: "A common development practice is to add 'back door' code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the application.", + Name: "Active Debug Code", + Description: "The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.", + ExtendedDescription: `A common development practice is to add "back door" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the application.`, Lang: "en", }, "49": { @@ -2752,7 +4250,7 @@ var CweDictEn = map[string]Cwe{ CweID: "492", Name: "Use of Inner Class Containing Sensitive Data", Description: "Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.", - ExtendedDescription: "Inner classes quietly introduce several security concerns because of the way they are translated into Java bytecode. In Java source code, it appears that an inner class can be declared to be accessible only by the enclosing class, but Java bytecode has no concept of an inner class, so the compiler must transform an inner class declaration into a peer class with package level access to the original outer class. More insidiously, since an inner class can access private fields in their enclosing class, once an inner class becomes a peer class in bytecode, the compiler converts private fields accessed by the inner class into protected fields.", + ExtendedDescription: "Inner classes quietly introduce several security concerns because of the way they are translated into Java bytecode. In Java source code, it appears that an inner class can be declared to be accessible only by the enclosing class, but Java bytecode has no concept of an inner class, so the compiler must transform an inner class declaration into a peer class with package level access to the original outer class. More insidiously, since an inner class can access private fields in its enclosing class, once an inner class becomes a peer class in bytecode, the compiler converts private fields accessed by the inner class into protected fields.", Lang: "en", }, "493": { @@ -2771,8 +4269,8 @@ var CweDictEn = map[string]Cwe{ }, "495": { CweID: "495", - Name: "Private Array-Typed Field Returned From A Public Method", - Description: "The product has a method that is declared public, but returns a reference to a private array, which could then be modified in unexpected ways.", + Name: "Private Data Structure Returned From A Public Method", + Description: "The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.", ExtendedDescription: "", Lang: "en", }, @@ -2785,9 +4283,9 @@ var CweDictEn = map[string]Cwe{ }, "497": { CweID: "497", - Name: "Exposure of System Data to an Unauthorized Control Sphere", - Description: "Exposing system data or debugging information helps an adversary learn about the system and form an attack plan.", - ExtendedDescription: "An information exposure occurs when system data or debugging information leaves the program through an output stream or logging function that makes it accessible to unauthorized parties. An attacker can also cause errors to occur by submitting unusual requests to the web application. The response to these errors can reveal detailed system information, deny service, cause security mechanisms to fail, and crash the server. An attacker can use error messages that reveal technologies, operating systems, and product versions to tune the attack against known vulnerabilities in these technologies. An application may use diagnostic methods that provide significant implementation details such as stack traces as part of its error handling mechanism.", + Name: "Exposure of Sensitive System Information to an Unauthorized Control Sphere", + Description: "The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.", + ExtendedDescription: "", Lang: "en", }, "498": { @@ -2892,7 +4390,7 @@ var CweDictEn = map[string]Cwe{ CweID: "512", Name: "Spyware", Description: "The software collects personally identifiable information about a human user or the user's activities, but the software accesses this information using other resources besides itself, and it does not require that user's explicit approval or direct input into the software.", - ExtendedDescription: "'Spyware' is a commonly used term with many definitions and interpretations. In general, it is meant to software that collects information or installs functionality that human users might not allow if they were fully aware of the actions being taken by the software. For example, a user might expect that tax software would collect a social security number and include it when filing a tax return, but that same user would not expect gaming software to obtain the social security number from that tax software's data.", + ExtendedDescription: `"Spyware" is a commonly used term with many definitions and interpretations. In general, it is meant to software that collects information or installs functionality that human users might not allow if they were fully aware of the actions being taken by the software. For example, a user might expect that tax software would collect a social security number and include it when filing a tax return, but that same user would not expect gaming software to obtain the social security number from that tax software's data.`, Lang: "en", }, "514": { @@ -2911,7 +4409,7 @@ var CweDictEn = map[string]Cwe{ }, "516": { CweID: "516", - Name: "DEPRECATED (Duplicate): Covert Timing Channel", + Name: "DEPRECATED: Covert Timing Channel", Description: "This weakness can be found at CWE-385.", ExtendedDescription: "", Lang: "en", @@ -2934,55 +4432,55 @@ var CweDictEn = map[string]Cwe{ CweID: "521", Name: "Weak Password Requirements", Description: "The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.", - ExtendedDescription: "An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier.", + ExtendedDescription: "Authentication mechanisms often rely on a memorized secret (also known as a password) to provide an assertion of identity for a user of a system. It is therefore important that this password be of sufficient complexity and impractical for an adversary to guess. The specific requirements around how complex a password needs to be depends on the type of system being protected. Selecting the correct password requirements and enforcing them through implementation are critical to the overall success of the authentication mechanism.", Lang: "en", }, "522": { CweID: "522", Name: "Insufficiently Protected Credentials", - Description: "This weakness occurs when the application transmits or stores authentication credentials and uses an insecure method that is susceptible to unauthorized interception and/or retrieval.", + Description: "The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.", ExtendedDescription: "", Lang: "en", }, "523": { CweID: "523", Name: "Unprotected Transport of Credentials", - Description: "Login pages not using adequate measures to protect the user name and password while they are in transit from the client to the server.", + Description: "Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.", ExtendedDescription: "", Lang: "en", }, "524": { CweID: "524", - Name: "Information Exposure Through Caching", - Description: "The application uses a cache to maintain a pool of objects, threads, connections, pages, or passwords to minimize the time it takes to access them or the resources to which they connect. If implemented improperly, these caches can allow access to unauthorized information or cause a denial of service vulnerability.", - ExtendedDescription: "", + Name: "Use of Cache Containing Sensitive Information", + Description: "The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.", + ExtendedDescription: "Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.", Lang: "en", }, "525": { CweID: "525", - Name: "Information Exposure Through Browser Caching", - Description: "For each web page, the application should have an appropriate caching policy specifying the extent to which the page and its form fields should be cached.", + Name: "Use of Web Browser Cache Containing Sensitive Information", + Description: "The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.", ExtendedDescription: "", Lang: "en", }, "526": { CweID: "526", - Name: "Information Exposure Through Environmental Variables", + Name: "Exposure of Sensitive Information Through Environmental Variables", Description: "Environmental variables may contain sensitive information about a remote server.", ExtendedDescription: "", Lang: "en", }, "527": { CweID: "527", - Name: "Exposure of CVS Repository to an Unauthorized Control Sphere", - Description: "The product stores a CVS repository in a directory or other container that is accessible to actors outside of the intended control sphere.", - ExtendedDescription: "Information contained within a CVS subdirectory on a web server or other server could be recovered by an attacker and used for malicious purposes. This information may include usernames, filenames, path root, and IP addresses.", + Name: "Exposure of Version-Control Repository to an Unauthorized Control Sphere", + Description: "The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.", + ExtendedDescription: `Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed "diff" data about how files have been changed - which could reveal source code snippets that were never intended to be made public.`, Lang: "en", }, "528": { CweID: "528", Name: "Exposure of Core Dump File to an Unauthorized Control Sphere", - Description: "The product generates a core dump file in a directory that is accessible to actors outside of the intended control sphere.", + Description: "The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.", ExtendedDescription: "", Lang: "en", }, @@ -3003,71 +4501,71 @@ var CweDictEn = map[string]Cwe{ "530": { CweID: "530", Name: "Exposure of Backup File to an Unauthorized Control Sphere", - Description: "A backup file is stored in a directory that is accessible to actors outside of the intended control sphere.", - ExtendedDescription: "Often, old files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.", + Description: "A backup file is stored in a directory or archive that is made accessible to unauthorized actors.", + ExtendedDescription: "Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.", Lang: "en", }, "531": { CweID: "531", - Name: "Information Exposure Through Test Code", + Name: "Inclusion of Sensitive Information in Test Code", Description: "Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.", ExtendedDescription: "", Lang: "en", }, "532": { CweID: "532", - Name: "Information Exposure Through Log Files", + Name: "Insertion of Sensitive Information into Log File", Description: "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.", - ExtendedDescription: "While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers.", + ExtendedDescription: "", Lang: "en", }, "533": { CweID: "533", - Name: "Information Exposure Through Server Log Files", - Description: "A server.log file was found. This can give information on whatever application left the file. Usually this can give full path names and system information, and sometimes usernames and passwords.", + Name: "DEPRECATED: Information Exposure Through Server Log Files", + Description: "This entry has been deprecated because its abstraction was too low-level. See CWE-532.", ExtendedDescription: "", Lang: "en", }, "534": { CweID: "534", - Name: "Information Exposure Through Debug Log Files", - Description: "The application does not sufficiently restrict access to a log file that is used for debugging.", + Name: "DEPRECATED: Information Exposure Through Debug Log Files", + Description: "This entry has been deprecated because its abstraction was too low-level. See CWE-532.", ExtendedDescription: "", Lang: "en", }, "535": { CweID: "535", - Name: "Information Exposure Through Shell Error Message", + Name: "Exposure of Information Through Shell Error Message", Description: "A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.", ExtendedDescription: "", Lang: "en", }, "536": { CweID: "536", - Name: "Information Exposure Through Servlet Runtime Error Message", + Name: "Servlet Runtime Error Message Containing Sensitive Information", Description: "A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.", ExtendedDescription: "", Lang: "en", }, "537": { CweID: "537", - Name: "Information Exposure Through Java Runtime Error Message", + Name: "Java Runtime Error Message Containing Sensitive Information", Description: "In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.", ExtendedDescription: "", Lang: "en", }, "538": { CweID: "538", - Name: "File and Directory Information Exposure", - Description: "The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.", + Name: "Insertion of Sensitive Information into Externally-Accessible File or Directory", + Description: "The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.", ExtendedDescription: "", Lang: "en", }, "539": { CweID: "539", - Name: "Information Exposure Through Persistent Cookies", - Description: "Persistent cookies are cookies that are stored on the browser's hard drive. This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.", - ExtendedDescription: "Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session Identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser's memory, and are not stored anywhere, but persistent cookies are stored on the browser's hard drive.", + Name: "Use of Persistent Cookies Containing Sensitive Information", + Description: "The web application uses persistent cookies, but the cookies contain sensitive information.", + ExtendedDescription: "Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser's memory and are not stored anywhere, but persistent cookies are stored on the browser's hard drive. This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.", Lang: "en", }, "54": { @@ -3079,22 +4577,22 @@ var CweDictEn = map[string]Cwe{ }, "540": { CweID: "540", - Name: "Information Exposure Through Source Code", - Description: "Source code on a web server often contains sensitive information and should generally not be accessible to users.", + Name: "Inclusion of Sensitive Information in Source Code", + Description: "Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.", ExtendedDescription: "There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.", Lang: "en", }, "541": { CweID: "541", - Name: "Information Exposure Through Include Source Code", + Name: "Inclusion of Sensitive Information in an Include File", Description: "If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.", ExtendedDescription: "", Lang: "en", }, "542": { CweID: "542", - Name: "Information Exposure Through Cleanup Log Files", - Description: "The application does not properly protect or delete a log file related to cleanup.", + Name: "DEPRECATED: Information Exposure Through Cleanup Log Files", + Description: "This entry has been deprecated because its abstraction was too low-level. See CWE-532.", ExtendedDescription: "", Lang: "en", }, @@ -3135,7 +4633,7 @@ var CweDictEn = map[string]Cwe{ }, "548": { CweID: "548", - Name: "Information Exposure Through Directory Listing", + Name: "Exposure of Information Through Directory Listing", Description: "A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.", ExtendedDescription: "A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.", Lang: "en", @@ -3156,7 +4654,7 @@ var CweDictEn = map[string]Cwe{ }, "550": { CweID: "550", - Name: "Information Exposure Through Server Error Message", + Name: "Server-generated Error Message Containing Sensitive Information", Description: "Certain conditions, such as network failure, will cause a server error message to be displayed.", ExtendedDescription: "While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.", Lang: "en", @@ -3171,8 +4669,8 @@ var CweDictEn = map[string]Cwe{ "552": { CweID: "552", Name: "Files or Directories Accessible to External Parties", - Description: "Files or directories are accessible in the environment that should not be.", - ExtendedDescription: "", + Description: "The product makes files or directories accessible to unauthorized actors, even though they should not be.", + ExtendedDescription: `Web servers, FTP servers, and similar servers may store a set of files underneath a "root" directory that is accessible to the server's users. Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any. Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories.`, Lang: "en", }, "553": { @@ -3319,35 +4817,35 @@ var CweDictEn = map[string]Cwe{ CweID: "574", Name: "EJB Bad Practices: Use of Synchronization Primitives", Description: "The program violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.", - ExtendedDescription: "The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: 'An enterprise bean must not use thread synchronization primitives to synchronize execution of multiple instances.' The specification justifies this requirement in the following way: 'This rule is required to ensure consistent runtime semantics because while some EJB containers may use a single JVM to execute all enterprise bean's instances, others may distribute the instances across multiple JVMs.'", + ExtendedDescription: `The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: "An enterprise bean must not use thread synchronization primitives to synchronize execution of multiple instances." The specification justifies this requirement in the following way: "This rule is required to ensure consistent runtime semantics because while some EJB containers may use a single JVM to execute all enterprise bean's instances, others may distribute the instances across multiple JVMs."`, Lang: "en", }, "575": { CweID: "575", Name: "EJB Bad Practices: Use of AWT Swing", Description: "The program violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.", - ExtendedDescription: "The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: 'An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard.' The specification justifies this requirement in the following way: 'Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system.'", + ExtendedDescription: `The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: "An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard." The specification justifies this requirement in the following way: "Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system."`, Lang: "en", }, "576": { CweID: "576", Name: "EJB Bad Practices: Use of Java I/O", Description: "The program violates the Enterprise JavaBeans (EJB) specification by using the java.io package.", - ExtendedDescription: "The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: 'An enterprise bean must not use the java.io package to attempt to access files and directories in the file system.' The specification justifies this requirement in the following way: 'The file system APIs are not well-suited for business components to access data. Business components should use a resource manager API, such as JDBC, to store data.'", + ExtendedDescription: `The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: "An enterprise bean must not use the java.io package to attempt to access files and directories in the file system." The specification justifies this requirement in the following way: "The file system APIs are not well-suited for business components to access data. Business components should use a resource manager API, such as JDBC, to store data."`, Lang: "en", }, "577": { CweID: "577", Name: "EJB Bad Practices: Use of Sockets", Description: "The program violates the Enterprise JavaBeans (EJB) specification by using sockets.", - ExtendedDescription: "The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: 'An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.' The specification justifies this requirement in the following way: 'The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be a network server. Allowing the instance to become a network server would conflict with the basic function of the enterprise bean-- to serve the EJB clients.'", + ExtendedDescription: `The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: "An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast." The specification justifies this requirement in the following way: "The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be a network server. Allowing the instance to become a network server would conflict with the basic function of the enterprise bean-- to serve the EJB clients."`, Lang: "en", }, "578": { CweID: "578", Name: "EJB Bad Practices: Use of Class Loader", Description: "The program violates the Enterprise JavaBeans (EJB) specification by using the class loader.", - ExtendedDescription: "The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: 'The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the JVM; or change the input, output, and error streams.' The specification justifies this requirement in the following way: 'These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container's ability to properly manage the runtime environment.'", + ExtendedDescription: `The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: "The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the JVM; or change the input, output, and error streams." The specification justifies this requirement in the following way: "These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container's ability to properly manage the runtime environment."`, Lang: "en", }, "579": { @@ -3360,8 +4858,8 @@ var CweDictEn = map[string]Cwe{ "58": { CweID: "58", Name: "Path Equivalence: Windows 8.3 Filename", - Description: "The software contains a protection mechanism that restricts access to a long filename on a Windows operating system, but the software does not properly restrict access to the equivalent short '8.3' filename.", - ExtendedDescription: "On later Windows operating systems, a file can have a 'long name' and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These '8.3' filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.", + Description: `The software contains a protection mechanism that restricts access to a long filename on a Windows operating system, but the software does not properly restrict access to the equivalent short "8.3" filename.`, + ExtendedDescription: `On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.`, Lang: "en", }, "580": { @@ -3389,7 +4887,7 @@ var CweDictEn = map[string]Cwe{ CweID: "583", Name: "finalize() Method Declared Public", Description: "The program violates secure coding principles for mobile code by declaring a finalize() method public.", - ExtendedDescription: "A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke one of your finalize() methods because it is declared with public access.", + ExtendedDescription: "A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.", Lang: "en", }, "584": { @@ -3417,7 +4915,7 @@ var CweDictEn = map[string]Cwe{ CweID: "587", Name: "Assignment of a Fixed Address to a Pointer", Description: "The software sets a pointer to a specific address other than NULL or 0.", - ExtendedDescription: "Using a fixed address is not portable because that address will probably not be valid in all environments or platforms.", + ExtendedDescription: "Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.", Lang: "en", }, "588": { @@ -3480,28 +4978,28 @@ var CweDictEn = map[string]Cwe{ CweID: "595", Name: "Comparison of Object References Instead of Object Contents", Description: "The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.", - ExtendedDescription: "", + ExtendedDescription: "For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings' references, not their values.", Lang: "en", }, "596": { CweID: "596", - Name: "Incorrect Semantic Object Comparison", - Description: "The software does not correctly compare two objects based on their conceptual content.", + Name: "DEPRECATED: Incorrect Semantic Object Comparison", + Description: "This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate ID solely because of domain-specific considerations. Its closest equivalent is CWE-1023.", ExtendedDescription: "", Lang: "en", }, "597": { CweID: "597", Name: "Use of Wrong Operator in String Comparison", - Description: "The product uses the wrong operator when comparing a string, such as using '==' when the equals() method should be used instead.", - ExtendedDescription: "In Java, using == or != to compare two strings for equality actually compares two objects for equality, not their values. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, it could be leveraged to affect program security.", + Description: `The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.`, + ExtendedDescription: "In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.", Lang: "en", }, "598": { CweID: "598", - Name: "Information Exposure Through Query Strings in GET Request", - Description: "The web application uses the GET method to process requests that contain sensitive information, which can expose that information through the browser's history, Referers, web logs, and other sources.", - ExtendedDescription: "", + Name: "Use of GET Request Method With Sensitive Query Strings", + Description: "The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.", + ExtendedDescription: "The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.", Lang: "en", }, "599": { @@ -3520,7 +5018,7 @@ var CweDictEn = map[string]Cwe{ }, "600": { CweID: "600", - Name: "Uncaught Exception in Servlet", + Name: "Uncaught Exception in Servlet ", Description: "The Servlet does not catch all exceptions, which may reveal sensitive debugging information.", ExtendedDescription: "When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.", Lang: "en", @@ -3556,7 +5054,7 @@ var CweDictEn = map[string]Cwe{ "606": { CweID: "606", Name: "Unchecked Input for Loop Condition", - Description: "The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.", + Description: "The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.", ExtendedDescription: "", Lang: "en", }, @@ -3597,22 +5095,22 @@ var CweDictEn = map[string]Cwe{ }, "611": { CweID: "611", - Name: "Improper Restriction of XML External Entity Reference ('XXE')", + Name: "Improper Restriction of XML External Entity Reference", Description: "The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.", ExtendedDescription: "", Lang: "en", }, "612": { CweID: "612", - Name: "Information Exposure Through Indexing of Private Data", - Description: "The product performs an indexing routine against private documents, but does not sufficiently verify that the actors who can access the index also have the privileges to access the private documents.", - ExtendedDescription: "When an indexing routine is applied against a group of private documents, and that index's results are available to outsiders who do not have access to those documents, then outsiders might be able to obtain sensitive information by conducting targeted searches. The risk is especially dangerous if search results include surrounding text that was not part of the search query. This issue can appear in search engines that are not configured (or implemented) to ignore critical files that should remain hidden; even without permissions to download these files directly, the remote user could read them.", + Name: "Improper Authorization of Index Containing Sensitive Information", + Description: "The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.", + ExtendedDescription: "Web sites and other document repositories may apply an indexing routine against a group of private documents to facilitate search. If the index's results are available to parties who do not have access to the documents being indexed, then attackers could obtain portions of the documents by conducting targeted searches and reading the results. The risk is especially dangerous if search results include surrounding text that was not part of the search query. This issue can appear in search engines that are not configured (or implemented) to ignore critical files that should remain hidden; even without permissions to download these files directly, the remote user could read them.", Lang: "en", }, "613": { CweID: "613", Name: "Insufficient Session Expiration", - Description: "According to WASC, 'Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.'", + Description: `According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."`, ExtendedDescription: "", Lang: "en", }, @@ -3625,7 +5123,7 @@ var CweDictEn = map[string]Cwe{ }, "615": { CweID: "615", - Name: "Information Exposure Through Comments", + Name: "Inclusion of Sensitive Information in Source Code Comments", Description: "While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.", ExtendedDescription: "An attacker who finds these comments can map the application's structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site.", Lang: "en", @@ -3634,7 +5132,7 @@ var CweDictEn = map[string]Cwe{ CweID: "616", Name: "Incomplete Identification of Uploaded File Variables (PHP)", Description: "The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.", - ExtendedDescription: "These global variables could be overwritten by POST requests, cookies, or other methods of populating or overwriting these variables. This could be used to read or process arbitrary files by providing values such as '/etc/passwd'.", + ExtendedDescription: `These global variables could be overwritten by POST requests, cookies, or other methods of populating or overwriting these variables. This could be used to read or process arbitrary files by providing values such as "/etc/passwd".`, Lang: "en", }, "617": { @@ -3654,7 +5152,7 @@ var CweDictEn = map[string]Cwe{ "619": { CweID: "619", Name: "Dangling Database Cursor ('Cursor Injection')", - Description: "If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor 'dangling.'", + Description: `If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."`, ExtendedDescription: "For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.", Lang: "en", }, @@ -3682,7 +5180,7 @@ var CweDictEn = map[string]Cwe{ "622": { CweID: "622", Name: "Improper Validation of Function Hook Arguments", - Description: "A product adds hooks to user-accessible API functions, but does not properly validate the arguments. This could lead to resultant vulnerabilities.", + Description: "The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.", ExtendedDescription: "Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.", Lang: "en", }, @@ -3732,7 +5230,7 @@ var CweDictEn = map[string]Cwe{ CweID: "636", Name: "Not Failing Securely ('Failing Open')", Description: "When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.", - ExtendedDescription: "By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to 'fail functional' to minimize administration and support costs, instead of 'failing safe.'", + ExtendedDescription: `By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."`, Lang: "en", }, "637": { @@ -3809,7 +5307,7 @@ var CweDictEn = map[string]Cwe{ CweID: "646", Name: "Reliance on File Name or Extension of Externally-Supplied File", Description: "The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.", - ExtendedDescription: "An application might use the file name or extension of of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resources should be allocated. If the attacker can cause the code to misclassify the supplied file, then the wrong action could occur. For example, an attacker could supply a file that ends in a '.php.gif' extension that appears to be a GIF image, but would be processed as PHP code. In extreme cases, code execution is possible, but the attacker could also cause exhaustion of resources, denial of service, exposure of debug or system data (including application source code), or being bound to a particular server side process. This weakness may be due to a vulnerability in any of the technologies used by the web and application servers, due to misconfiguration, or resultant from another flaw in the application itself.", + ExtendedDescription: `An application might use the file name or extension of of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resources should be allocated. If the attacker can cause the code to misclassify the supplied file, then the wrong action could occur. For example, an attacker could supply a file that ends in a ".php.gif" extension that appears to be a GIF image, but would be processed as PHP code. In extreme cases, code execution is possible, but the attacker could also cause exhaustion of resources, denial of service, exposure of debug or system data (including application source code), or being bound to a particular server side process. This weakness may be due to a vulnerability in any of the technologies used by the web and application servers, due to misconfiguration, or resultant from another flaw in the application itself.`, Lang: "en", }, "647": { @@ -3830,7 +5328,7 @@ var CweDictEn = map[string]Cwe{ CweID: "649", Name: "Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking", Description: "The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.", - ExtendedDescription: "When an application relies on obfuscation or incorrectly applied / weak encryption to protect client-controllable tokens or parameters, that may have an effect on the user state, system state, or some decision made on the server. Without protecting the tokens/parameters for integrity, the application is vulnerable to an attack where an adversary blindly traverses the space of possible values of the said token/parameter in order to attempt to gain an advantage. The goal of the attacker is to find another admissible value that will somehow elevate their privileges in the system, disclose information or change the behavior of the system in some way beneficial to the attacker. If the application does not protect these critical tokens/parameters for integrity, it will not be able to determine that these values have been tampered with. Measures that are used to protect data for confidentiality should not be relied upon to provide the integrity service.", + ExtendedDescription: "When an application relies on obfuscation or incorrectly applied / weak encryption to protect client-controllable tokens or parameters, that may have an effect on the user state, system state, or some decision made on the server. Without protecting the tokens/parameters for integrity, the application is vulnerable to an attack where an adversary traverses the space of possible values of the said token/parameter in order to attempt to gain an advantage. The goal of the attacker is to find another admissible value that will somehow elevate their privileges in the system, disclose information or change the behavior of the system in some way beneficial to the attacker. If the application does not protect these critical tokens/parameters for integrity, it will not be able to determine that these values have been tampered with. Measures that are used to protect data for confidentiality should not be relied upon to provide the integrity service.", Lang: "en", }, "65": { @@ -3849,7 +5347,7 @@ var CweDictEn = map[string]Cwe{ }, "651": { CweID: "651", - Name: "Information Exposure Through WSDL File", + Name: "Exposure of WSDL File Containing Sensitive Information", Description: "The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).", ExtendedDescription: "", Lang: "en", @@ -3863,8 +5361,8 @@ var CweDictEn = map[string]Cwe{ }, "653": { CweID: "653", - Name: "Insufficient Compartmentalization", - Description: "The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions.", + Name: "Improper Isolation or Compartmentalization", + Description: "The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.", ExtendedDescription: "When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.", Lang: "en", }, @@ -3886,7 +5384,7 @@ var CweDictEn = map[string]Cwe{ CweID: "656", Name: "Reliance on Security Through Obscurity", Description: "The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.", - ExtendedDescription: "This reliance on 'security through obscurity' can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.", + ExtendedDescription: `This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.`, Lang: "en", }, "657": { @@ -3899,14 +5397,14 @@ var CweDictEn = map[string]Cwe{ "66": { CweID: "66", Name: "Improper Handling of File Names that Identify Virtual Resources", - Description: "The product does not handle or incorrectly handles a file name that identifies a 'virtual' resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.", + Description: `The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.`, ExtendedDescription: "Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.", Lang: "en", }, "662": { CweID: "662", Name: "Improper Synchronization", - Description: "The software attempts to use a shared resource in an exclusive manner, but does not prevent or incorrectly prevents use of the resource by another thread or process.", + Description: "The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.", ExtendedDescription: "", Lang: "en", }, @@ -3941,7 +5439,7 @@ var CweDictEn = map[string]Cwe{ "667": { CweID: "667", Name: "Improper Locking", - Description: "The software does not properly acquire a lock on a resource, or it does not properly release a lock on a resource, leading to unexpected resource state changes and behaviors.", + Description: "The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.", ExtendedDescription: "", Lang: "en", }, @@ -3997,13 +5495,13 @@ var CweDictEn = map[string]Cwe{ "674": { CweID: "674", Name: "Uncontrolled Recursion", - Description: "The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack.", + Description: "The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.", ExtendedDescription: "", Lang: "en", }, "675": { CweID: "675", - Name: "Duplicate Operations on Resource", + Name: "Multiple Operations on Resource in Single-Operation Context", Description: "The product performs the same operation on a resource two or more times, when the operation should only be applied once.", ExtendedDescription: "", Lang: "en", @@ -4108,16 +5606,16 @@ var CweDictEn = map[string]Cwe{ }, "692": { CweID: "692", - Name: "Incomplete Blacklist to Cross-Site Scripting", - Description: "The product uses a blacklist-based protection mechanism to defend against XSS attacks, but the blacklist is incomplete, allowing XSS variants to succeed.", - ExtendedDescription: "While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages, that a blacklist cannot keep track of all the variations. The 'XSS Cheat Sheet' [REF-564] contains a large number of attacks that are intended to bypass incomplete blacklists.", + Name: "Incomplete Denylist to Cross-Site Scripting", + Description: "The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.", + ExtendedDescription: `While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages, that a denylist cannot keep track of all the variations. The "XSS Cheat Sheet" [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.`, Lang: "en", }, "693": { CweID: "693", Name: "Protection Mechanism Failure", Description: "The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.", - ExtendedDescription: "This weakness covers three distinct situations. A 'missing' protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An 'insufficient' protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an 'ignored' mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.", + ExtendedDescription: `This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.`, Lang: "en", }, "694": { @@ -4137,14 +5635,14 @@ var CweDictEn = map[string]Cwe{ "696": { CweID: "696", Name: "Incorrect Behavior Order", - Description: "The software performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.", + Description: "The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.", ExtendedDescription: "", Lang: "en", }, "697": { CweID: "697", - Name: "Insufficient Comparison", - Description: "The software compares two entities in a security-relevant context, but the comparison is insufficient, which may lead to resultant weaknesses.", + Name: "Incorrect Comparison", + Description: "The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.", ExtendedDescription: "", Lang: "en", }, @@ -4172,7 +5670,7 @@ var CweDictEn = map[string]Cwe{ "704": { CweID: "704", Name: "Incorrect Type Conversion or Cast", - Description: "The software does not correctly convert an object, resource or structure from one type to a different type.", + Description: "The software does not correctly convert an object, resource, or structure from one type to a different type.", ExtendedDescription: "", Lang: "en", }, @@ -4192,8 +5690,8 @@ var CweDictEn = map[string]Cwe{ }, "707": { CweID: "707", - Name: "Improper Enforcement of Message or Data Structure", - Description: "The software does not enforce or incorrectly enforces that structured messages or data are well-formed before being read from an upstream component or sent to a downstream component.", + Name: "Improper Neutralization", + Description: "The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.", ExtendedDescription: "", Lang: "en", }, @@ -4235,14 +5733,14 @@ var CweDictEn = map[string]Cwe{ "732": { CweID: "732", Name: "Incorrect Permission Assignment for Critical Resource", - Description: "The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.", + Description: "The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.", ExtendedDescription: "When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.", Lang: "en", }, "733": { CweID: "733", Name: "Compiler Optimization Removal or Modification of Security-critical Code", - Description: "The developer builds a security-critical protection mechanism into the software but the compiler optimizes the program such that the mechanism is removed or modified.", + Description: "The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.", ExtendedDescription: "", Lang: "en", }, @@ -4270,7 +5768,7 @@ var CweDictEn = map[string]Cwe{ "754": { CweID: "754", Name: "Improper Check for Unusual or Exceptional Conditions", - Description: "The software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.", + Description: "The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.", ExtendedDescription: "", Lang: "en", }, @@ -4313,7 +5811,7 @@ var CweDictEn = map[string]Cwe{ CweID: "76", Name: "Improper Neutralization of Equivalent Special Elements", Description: "The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.", - ExtendedDescription: "The software may have a fixed list of special characters it believes is complete. However, there may be alternate encodings, or representations that also have the same meaning. For example, the software may filter out a leading slash (/) to prevent absolute path names, but does not account for a tilde (~) followed by a user name, which on some *nix systems could be expanded to an absolute pathname. Alternately, the software might filter a dangerous '-e' command-line switch when calling an external program, but it might not account for '--exec' or other switches that have the same semantics.", + ExtendedDescription: `The software may have a fixed list of special characters it believes is complete. However, there may be alternate encodings, or representations that also have the same meaning. For example, the software may filter out a leading slash (/) to prevent absolute path names, but does not account for a tilde (~) followed by a user name, which on some *nix systems could be expanded to an absolute pathname. Alternately, the software might filter a dangerous "-e" command-line switch when calling an external program, but it might not account for "--exec" or other switches that have the same semantics.`, Lang: "en", }, "760": { @@ -4360,8 +5858,8 @@ var CweDictEn = map[string]Cwe{ }, "766": { CweID: "766", - Name: "Critical Variable Declared Public", - Description: "The software declares a critical variable or field to be public when intended security policy requires it to be private.", + Name: "Critical Data Element Declared Public", + Description: "The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.", ExtendedDescription: "", Lang: "en", }, @@ -4381,8 +5879,8 @@ var CweDictEn = map[string]Cwe{ }, "769": { CweID: "769", - Name: "Uncontrolled File Descriptor Consumption", - Description: "The software does not properly limit the number of open file descriptors that it uses.", + Name: "DEPRECATED: Uncontrolled File Descriptor Consumption", + Description: "This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.", ExtendedDescription: "", Lang: "en", }, @@ -4396,7 +5894,7 @@ var CweDictEn = map[string]Cwe{ "770": { CweID: "770", Name: "Allocation of Resources Without Limits or Throttling", - Description: "The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor.", + Description: "The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.", ExtendedDescription: "", Lang: "en", }, @@ -4411,7 +5909,7 @@ var CweDictEn = map[string]Cwe{ CweID: "772", Name: "Missing Release of Resource after Effective Lifetime", Description: "The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.", - ExtendedDescription: "When a resource is not released after use, it can allow attackers to cause a denial of service.", + ExtendedDescription: "When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.", Lang: "en", }, "773": { @@ -4446,7 +5944,7 @@ var CweDictEn = map[string]Cwe{ CweID: "777", Name: "Regular Expression without Anchors", Description: "The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.", - ExtendedDescription: "When performing tasks such as whitelist validation, data is examined and possibly modified to ensure that it is well-formed and adheres to a list of safe values. If the regular expression is not anchored, malicious or malformed data may be included before or after any string matching the regular expression. The type of malicious data that is allowed will depend on the context of the application and which anchors are omitted from the regular expression.", + ExtendedDescription: "When performing tasks such as validating against a set of allowed inputs (allowlist), data is examined and possibly modified to ensure that it is well-formed and adheres to a list of safe values. If the regular expression is not anchored, malicious or malformed data may be included before or after any string matching the regular expression. The type of malicious data that is allowed will depend on the context of the application and which anchors are omitted from the regular expression.", Lang: "en", }, "778": { @@ -4523,7 +6021,7 @@ var CweDictEn = map[string]Cwe{ CweID: "787", Name: "Out-of-bounds Write", Description: "The software writes data past the end, or before the beginning, of the intended buffer.", - ExtendedDescription: "This typically occurs when the pointer or its index is incremented or decremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in corruption of sensitive information, a crash, or code execution among other things.", + ExtendedDescription: "Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.", Lang: "en", }, "788": { @@ -4535,8 +6033,8 @@ var CweDictEn = map[string]Cwe{ }, "789": { CweID: "789", - Name: "Uncontrolled Memory Allocation", - Description: "The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated.", + Name: "Memory Allocation with Excessive Size Value", + Description: "The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.", ExtendedDescription: "", Lang: "en", }, @@ -4592,14 +6090,14 @@ var CweDictEn = map[string]Cwe{ "796": { CweID: "796", Name: "Only Filtering Special Elements Relative to a Marker", - Description: "The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. 'at the beginning/end of a string; the second argument'), thereby missing remaining special elements that may exist before sending it to a downstream component.", + Description: `The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.`, ExtendedDescription: "", Lang: "en", }, "797": { CweID: "797", Name: "Only Filtering Special Elements at an Absolute Position", - Description: "The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. 'byte number 10'), thereby missing remaining special elements that may exist before sending it to a downstream component.", + Description: `The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing remaining special elements that may exist before sending it to a downstream component.`, ExtendedDescription: "", Lang: "en", }, @@ -4627,7 +6125,7 @@ var CweDictEn = map[string]Cwe{ "80": { CweID: "80", Name: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", - Description: "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as '<', '>', and '&' that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.", + Description: `The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.`, ExtendedDescription: "This may allow such characters to be treated as control characters, which are executed client-side in the context of the user's session. Although this can be classified as an injection problem, the more pertinent issue is the improper conversion of such special characters to respective context-appropriate entities before displaying them to the user.", Lang: "en", }, @@ -4683,7 +6181,7 @@ var CweDictEn = map[string]Cwe{ "821": { CweID: "821", Name: "Incorrect Synchronization", - Description: "The software utilizes a shared resource in a concurrent manner but it does not correctly synchronize access to the resource.", + Description: "The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.", ExtendedDescription: "If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.", Lang: "en", }, @@ -4746,7 +6244,7 @@ var CweDictEn = map[string]Cwe{ "83": { CweID: "83", Name: "Improper Neutralization of Script in Attributes in a Web Page", - Description: "The software does not neutralize or incorrectly neutralizes 'javascript:' or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.", + Description: `The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.`, ExtendedDescription: "", Lang: "en", }, @@ -4803,7 +6301,7 @@ var CweDictEn = map[string]Cwe{ CweID: "837", Name: "Improper Enforcement of a Single, Unique Action", Description: "The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction.", - ExtendedDescription: "In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to 'stuff the ballot box' by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the software.", + ExtendedDescription: `In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to "stuff the ballot box" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the software.`, Lang: "en", }, "838": { @@ -4816,7 +6314,7 @@ var CweDictEn = map[string]Cwe{ "839": { CweID: "839", Name: "Numeric Range Comparison Without Minimum Check", - Description: "The program checks a value to ensure that it does not exceed a maximum, but it does not verify that the value exceeds the minimum.", + Description: "The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.", ExtendedDescription: "", Lang: "en", }, @@ -4859,7 +6357,7 @@ var CweDictEn = map[string]Cwe{ CweID: "86", Name: "Improper Neutralization of Invalid Characters in Identifiers in Web Pages", Description: "The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.", - ExtendedDescription: "Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a 'javascript:' URI scheme, but a 'java%00script:' URI may bypass this check and still be rendered as active javascript by some browsers, allowing XSS or other attacks.", + ExtendedDescription: `Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a "javascript:" URI scheme, but a "java%00script:" URI may bypass this check and still be rendered as active javascript by some browsers, allowing XSS or other attacks.`, Lang: "en", }, "862": { @@ -4885,8 +6383,8 @@ var CweDictEn = map[string]Cwe{ }, "88": { CweID: "88", - Name: "Argument Injection or Modification", - Description: "The software does not sufficiently delimit the arguments being passed to a component in another control sphere, allowing alternate arguments to be provided, leading to potentially security-relevant changes.", + Name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + Description: "The software constructs a string for a command to executed by a separate componentin another control sphere, but it does not properly delimit theintended arguments, options, or switches within that command string.", ExtendedDescription: "", Lang: "en", }, @@ -4914,8 +6412,8 @@ var CweDictEn = map[string]Cwe{ "908": { CweID: "908", Name: "Use of Uninitialized Resource", - Description: "The software uses a resource that has not been properly initialized.", - ExtendedDescription: "This can have security implications when the associated resource is expected to have certain properties or values.", + Description: "The software uses or accesses a resource that has not been initialized.", + ExtendedDescription: "When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.", Lang: "en", }, "909": { @@ -4929,7 +6427,7 @@ var CweDictEn = map[string]Cwe{ CweID: "91", Name: "XML Injection (aka Blind XPath Injection)", Description: "The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.", - ExtendedDescription: "Within XML, special elements could include reserved words or characters such as '<', '>', ''', and '&', which could then be used to add new data or modify XML syntax.", + ExtendedDescription: `Within XML, special elements could include reserved words or characters such as "<", ">", """, and "&", which could then be used to add new data or modify XML syntax.`, Lang: "en", }, "910": { @@ -4950,7 +6448,7 @@ var CweDictEn = map[string]Cwe{ CweID: "912", Name: "Hidden Functionality", Description: "The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.", - ExtendedDescription: "Hidden functionality can take many forms, such as intentionally malicious code, 'Easter Eggs' that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software's attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.", + ExtendedDescription: `Hidden functionality can take many forms, such as intentionally malicious code, "Easter Eggs" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software's attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.`, Lang: "en", }, "913": { @@ -4998,7 +6496,7 @@ var CweDictEn = map[string]Cwe{ "92": { CweID: "92", Name: "DEPRECATED: Improper Sanitization of Custom Special Characters", - Description: "This entry has been deprecated. It originally came from PLOVER, which sometimes defined 'other' and 'miscellaneous' categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.", + Description: `This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.`, ExtendedDescription: "", Lang: "en", }, @@ -5034,7 +6532,7 @@ var CweDictEn = map[string]Cwe{ CweID: "924", Name: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", Description: "The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.", - ExtendedDescription: "A man-in-the-middle (MITM) attacker might be able to modify the message and spoof the endpoint.", + ExtendedDescription: "Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.", Lang: "en", }, "925": { @@ -5095,7 +6593,7 @@ var CweDictEn = map[string]Cwe{ }, "942": { CweID: "942", - Name: "Overly Permissive Cross-domain Whitelist", + Name: "Permissive Cross-domain Policy with Untrusted Domains", Description: "The software uses a cross-domain policy file that includes domains that should not be trusted.", ExtendedDescription: "", Lang: "en", @@ -5110,7 +6608,7 @@ var CweDictEn = map[string]Cwe{ "95": { CweID: "95", Name: "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", - Description: "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. 'eval').", + Description: `The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").`, ExtendedDescription: "This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.", Lang: "en", }, @@ -5131,7 +6629,7 @@ var CweDictEn = map[string]Cwe{ "98": { CweID: "98", Name: "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", - Description: "The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in 'require,' 'include,' or similar functions.", + Description: `The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.`, ExtendedDescription: "In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.", Lang: "en", }, diff --git a/cwe/ja.go b/cwe/ja.go index 2e23e3ca..4b1d7dc8 100644 --- a/cwe/ja.go +++ b/cwe/ja.go @@ -2,331 +2,23 @@ package cwe // CweDictJa is the Cwe dictionary var CweDictJa = map[string]Cwe{ - "119": { - CweID: "119", - Name: "バッファエラー(CWE-119)", + "669": { + CweID: "669", + Name: "領域間での誤ったリソース移動(CWE-669)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "20": { - CweID: "20", - Name: "不適切な入力確認(CWE-20)", + "405": { + CweID: "405", + Name: "非対称のリソース消費に関する脆弱性(CWE-405)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "264": { - CweID: "264", - Name: "認可・権限・アクセス制御(CWE-264)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "362": { - CweID: "362", - Name: "競合状態(CWE-362)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "59": { - CweID: "59", - Name: "リンク解釈の問題(CWE-59)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "310": { - CweID: "310", - Name: "暗号の問題(CWE-310)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "288": { - CweID: "288", - Name: "代替パスまたはチャネルを使用した認証回避(CWE-288)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "384": { - CweID: "384", - Name: "セッションの固定化(CWE-384)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "89": { - CweID: "89", - Name: "SQLインジェクション(CWE-89)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "74": { - CweID: "74", - Name: "インジェクション(CWE-74)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "79": { - CweID: "79", - Name: "クロスサイトスクリプティング(CWE-79)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "601": { - CweID: "601", - Name: "オープンリダイレクト(CWE-601)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "352": { - CweID: "352", - Name: "クロスサイトリクエストフォージェリ(CWE-352)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "200": { - CweID: "200", - Name: "情報漏えい(CWE-200)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "285": { - CweID: "285", - Name: "不適切な認可(CWE-285)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "77": { - CweID: "77", - Name: "コマンドインジェクション(CWE-77)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "611": { - CweID: "611", - Name: "XML 外部エンティティ参照の不適切な制限(CWE-611)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "noinfo": { - CweID: "noinfo", - Name: "情報不足(CWE-noinfo)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "284": { - CweID: "284", - Name: "不適切なアクセス制御(CWE-284)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "190": { - CweID: "190", - Name: "整数オーバーフローまたはラップアラウンド(CWE-190)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "129": { - CweID: "129", - Name: "配列インデックスの不適切な検証(CWE-129)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "416": { - CweID: "416", - Name: "解放済みメモリの使用(CWE-416)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "918": { - CweID: "918", - Name: "サーバサイドのリクエストフォージェリ(CWE-918)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "22": { - CweID: "22", - Name: "パス・トラバーサル(CWE-22)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "78": { - CweID: "78", - Name: "OSコマンドインジェクション(CWE-78)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "287": { - CweID: "287", - Name: "不適切な認証(CWE-287)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "254": { - CweID: "254", - Name: "セキュリティ機能(CWE-254)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "798": { - CweID: "798", - Name: "ハードコードされた認証情報の使用(CWE-798)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "415": { - CweID: "415", - Name: "二重解放(CWE-415)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "399": { - CweID: "399", - Name: "リソース管理の問題(CWE-399)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "125": { - CweID: "125", - Name: "境界外読み取り(CWE-125)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "434": { - CweID: "434", - Name: "危険なタイプのファイルの無制限アップロード(CWE-434)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "295": { - CweID: "295", - Name: "不正な証明書検証(CWE-295)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "16": { - CweID: "16", - Name: "環境設定(CWE-16)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "172": { - CweID: "172", - Name: "エンコーディングエラー(CWE-172)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "134": { - CweID: "134", - Name: "書式文字列の問題(CWE-134)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "255": { - CweID: "255", - Name: "証明書・パスワードの管理(CWE-255)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "476": { - CweID: "476", - Name: "NULL ポインタデリファレンス(CWE-476)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "787": { - CweID: "787", - Name: "境界外書き込み(CWE-787)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "275": { - CweID: "275", - Name: "パーミッションの問題(CWE-275)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "502": { - CweID: "502", - Name: "信頼性のないデータのデシリアライゼーション(CWE-502)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "19": { - CweID: "19", - Name: "データ処理(CWE-19)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "94": { - CweID: "94", - Name: "コード・インジェクション(CWE-94)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "189": { - CweID: "189", - Name: "数値処理の問題(CWE-189)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "121": { - CweID: "121", - Name: "スタックベースのバッファオーバーフロー(CWE-121)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "326": { - CweID: "326", - Name: "不適切な暗号強度(CWE-326)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "532": { - CweID: "532", - Name: "ログファイルからの情報漏えい(CWE-532)", + "912": { + CweID: "912", + Name: "非公開の機能(CWE-912)", Description: "", ExtendedDescription: "", Lang: "ja", @@ -338,6 +30,20 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, + "539": { + CweID: "539", + Name: "重要情報を含む永続 Cookie の使用(CWE-539)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "642": { + CweID: "642", + Name: "重要な状態データの外部制御(CWE-642)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, "306": { CweID: "306", Name: "重要な機能に対する認証の欠如(CWE-306)", @@ -345,170 +51,296 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, - "754": { - CweID: "754", - Name: "例外的な状態における不適切なチェック(CWE-754)", + "312": { + CweID: "312", + Name: "重要な情報の平文保存(CWE-312)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "613": { - CweID: "613", - Name: "不適切なセッション期限(CWE-613)", + "319": { + CweID: "319", + Name: "重要な情報の平文での送信(CWE-319)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "400": { - CweID: "400", - Name: "リソースの枯渇(CWE-400)", + "922": { + CweID: "922", + Name: "重要な情報のセキュアでない格納(CWE-922)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "228": { - CweID: "228", - Name: "不正な構文構造の不適切な処理(CWE-228)", + "732": { + CweID: "732", + Name: "重要なリソースに対する不適切なパーミッションの割り当て(CWE-732)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "428": { - CweID: "428", - Name: "引用されない検索パスまたは要素(CWE-428)", + "311": { + CweID: "311", + Name: "重要なデータの暗号化の欠如(CWE-311)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "184": { - CweID: "184", - Name: "不完全なブラックリスト(CWE-184)", + "129": { + CweID: "129", + Name: "配列インデックスの不適切な検証(CWE-129)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "426": { - CweID: "426", - Name: "信頼性のない検索パス(CWE-426)", + "645": { + CweID: "645", + Name: "過度に制限されたアカウントロックアウトメカニズム(CWE-645)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "347": { - CweID: "347", - Name: "デジタル署名の不適切な検証(CWE-347)", + "307": { + CweID: "307", + Name: "過度な認証試行の不適切な制限(CWE-307)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "345": { - CweID: "345", - Name: "データの信頼性についての不十分な検証(CWE-345)", + "834": { + CweID: "834", + Name: "過度なイテレーション(CWE-834)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "388": { - CweID: "388", - Name: "エラー処理(CWE-388)", + "789": { + CweID: "789", + Name: "過剰なサイズ値のメモリ割り当て(CWE-789)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "704": { - CweID: "704", - Name: "不正な型変換またはキャスト(CWE-704)", + "924": { + CweID: "924", + Name: "通信チャネルで送信中のメッセージの整合性への不適切な強制(CWE-924)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "369": { - CweID: "369", - Name: "ゼロ除算(CWE-369)", + "201": { + CweID: "201", + Name: "送信データへの重要な情報の挿入(CWE-201)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "122": { - CweID: "122", - Name: "ヒープベースのバッファオーバーフロー(CWE-122)", + "706": { + CweID: "706", + Name: "誤って解決された名前や参照の使用(CWE-706)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "824": { - CweID: "824", - Name: "初期化されていないポインタのアクセス(CWE-824)", + "668": { + CweID: "668", + Name: "誤った領域へのリソースの漏えい(CWE-668)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "822": { - CweID: "822", - Name: "信頼性のないポインタデリファレンス(CWE-822)", + "256": { + CweID: "256", + Name: "認証情報の平文保存(CWE-256)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "90": { - CweID: "90", - Name: "LDAP インジェクション(CWE-90)", + "523": { + CweID: "523", + Name: "認証情報の保護しない転送(CWE-523)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "nocwe": { - CweID: "nocwe", - Name: "CWE以外(CWE-nocwe)", + "522": { + CweID: "522", + Name: "認証情報の不十分な保護(CWE-522)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "330": { - CweID: "330", - Name: "不十分なランダム値の使用(CWE-330)", + "302": { + CweID: "302", + Name: "認証回避の脆弱性(CWE-302)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "91": { - CweID: "91", - Name: "ブラインド XPath インジェクション(CWE-91)", + "303": { + CweID: "303", + Name: "認証アルゴリズムの不適切な実装(CWE-303)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "404": { - CweID: "404", - Name: "リソースの不適切なシャットダウンおよびリリース(CWE-404)", + "862": { + CweID: "862", + Name: "認証の欠如(CWE-862)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "327": { - CweID: "327", - Name: "不完全、または危険な暗号アルゴリズムの使用(CWE-327)", + "264": { + CweID: "264", + Name: "認可・権限・アクセス制御(CWE-264)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "441": { - CweID: "441", - Name: "フィルタリング回避(CWE-441)", + "497": { + CweID: "497", + Name: "認可されていない制御領域への重要情報の漏えい(CWE-497)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "294": { - CweID: "294", - Name: "Capture-replay による認証回避(CWE-294)", + "359": { + CweID: "359", + Name: "認可されていないアクターへの個人情報の漏えい(CWE-359)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "821": { - CweID: "821", - Name: "不正な同期(CWE-821)", + "299": { + CweID: "299", + Name: "証明書失効の不適切なチェック(CWE-299)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "255": { + CweID: "255", + Name: "証明書・パスワードの管理(CWE-255)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "DesignError": { + CweID: "DesignError", + Name: "設計上の問題(CWE-DesignError)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "260": { + CweID: "260", + Name: "設定ファイル内のパスワード(CWE-260)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "682": { + CweID: "682", + Name: "計算の誤り(CWE-682)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "917": { + CweID: "917", + Name: "言語構文の表現に使用される特殊な要素の不適切な無効化(CWE-917)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "436": { + CweID: "436", + Name: "解釈の競合(CWE-436)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "416": { + CweID: "416", + Name: "解放済みメモリの使用(CWE-416)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "435": { + CweID: "435", + Name: "複数の正しく動作するエンティティ間における不適切な相互作用(CWE-435)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "521": { + CweID: "521", + Name: "脆弱なパスワードの要求(CWE-521)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "36": { + CweID: "36", + Name: "絶対パストラバーサル(CWE-36)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "362": { + CweID: "362", + Name: "競合状態(CWE-362)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "694": { + CweID: "694", + Name: "競合する識別子を使用した複数のリソースの使用(CWE-694)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "385": { + CweID: "385", + Name: "秘密のタイミングチャネル(CWE-385)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "23": { + CweID: "23", + Name: "相対パストラバーサル(CWE-23)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "16": { + CweID: "16", + Name: "環境設定(CWE-16)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "371": { + CweID: "371", + Name: "状態の問題(CWE-371)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "75": { + CweID: "75", + Name: "特殊要素の不適切なサニタイジング(CWE-75)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "271": { + CweID: "271", + Name: "特権の削除/エラーの低下(CWE-271)", Description: "", ExtendedDescription: "", Lang: "ja", @@ -520,23 +352,114 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, - "123": { - CweID: "123", - Name: "任意の場所に任意の値を書き込むことができる状態(CWE-123)", + "763": { + CweID: "763", + Name: "無効なポインタや参照の解放(CWE-763)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "640": { - CweID: "640", - Name: "パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み(CWE-640)", + "676": { + CweID: "676", + Name: "潜在的に危険な関数の使用(CWE-676)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "93": { - CweID: "93", - Name: "CRLF インジェクション(CWE-93)", + "920": { + CweID: "920", + Name: "消費電力の不適切な制限(CWE-920)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "565": { + CweID: "565", + Name: "検証および完全性チェックを行っていない Cookie への依存(CWE-565)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "305": { + CweID: "305", + Name: "根本の脆弱性による認証回避(CWE-305)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "242": { + CweID: "242", + Name: "本質的に危険な機能の使用(CWE-242)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "252": { + CweID: "252", + Name: "未チェックの戻り値(CWE-252)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "1076": { + CweID: "1076", + Name: "期待した規則への不十分な順守(CWE-1076)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "672": { + CweID: "672", + Name: "有効期限後または解放後のリソースの操作(CWE-672)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "401": { + CweID: "401", + Name: "有効期限後のメモリの解放の欠如(CWE-401)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "775": { + CweID: "775", + Name: "有効期限後のファイル記述子またはハンドルの解放の欠如(CWE-775)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "772": { + CweID: "772", + Name: "有効なライフタイム後のリソースの解放の欠如(CWE-772)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "134": { + CweID: "134", + Name: "書式文字列の問題(CWE-134)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "325": { + CweID: "325", + Name: "暗号化処理の不備(CWE-325)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "310": { + CweID: "310", + Name: "暗号の問題(CWE-310)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "338": { + CweID: "338", + Name: "暗号における脆弱な PRNG の使用(CWE-338)", Description: "", ExtendedDescription: "", Lang: "ja", @@ -548,6 +471,13 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, + "190": { + CweID: "190", + Name: "整数オーバーフローまたはラップアラウンド(CWE-190)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, "191": { CweID: "191", Name: "整数アンダーフロー(CWE-191)", @@ -555,9 +485,520 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, - "534": { - CweID: "534", - Name: "デバッグログファイルからの情報漏えい(CWE-534)", + "197": { + CweID: "197", + Name: "数値打ち切り誤差(CWE-197)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "681": { + CweID: "681", + Name: "数値型間の変換の誤り(CWE-681)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "189": { + CweID: "189", + Name: "数値処理の問題(CWE-189)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "199": { + CweID: "199", + Name: "情報管理の問題(CWE-199)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "200": { + CweID: "200", + Name: "情報漏えい(CWE-200)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "noinfo": { + CweID: "noinfo", + Name: "情報不足(CWE-noinfo)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "257": { + CweID: "257", + Name: "復元可能な形式でのパスワード保存(CWE-257)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "916": { + CweID: "916", + Name: "強度が不十分なパスワードハッシュの使用(CWE-916)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "428": { + CweID: "428", + Name: "引用されない検索パスまたは要素(CWE-428)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "88": { + CweID: "88", + Name: "引数の挿入または変更(CWE-88)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "670": { + CweID: "670", + Name: "常に不適切な制御フローの実装(CWE-670)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "353": { + CweID: "353", + Name: "完全性チェックの欠如(CWE-353)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "377": { + CweID: "377", + Name: "安全でない一時ファイル(CWE-377)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "552": { + CweID: "552", + Name: "外部からアクセス可能なファイルまたはディレクトリ(CWE-552)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "412": { + CweID: "412", + Name: "外部からの操作の制限不備(CWE-412)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "453": { + CweID: "453", + Name: "変数の安全ではないデフォルト値への初期化(CWE-453)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "193": { + CweID: "193", + Name: "境界条件の判定(CWE-193)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "125": { + CweID: "125", + Name: "境界外読み取り(CWE-125)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "787": { + CweID: "787", + Name: "境界外書き込み(CWE-787)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "506": { + CweID: "506", + Name: "埋め込まれた悪意のあるコード(CWE-506)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "843": { + CweID: "843", + Name: "型の取り違え(CWE-843)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "820": { + CweID: "820", + Name: "同期の欠如(CWE-820)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "346": { + CweID: "346", + Name: "同一生成元ポリシー違反(CWE-346)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "605": { + CweID: "605", + Name: "同一ポートに複数のソケットをバインドする問題(CWE-605)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "120": { + CweID: "120", + Name: "古典的バッファオーバーフロー(CWE-120)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "357": { + CweID: "357", + Name: "危険な操作に対する不十分な警告(CWE-357)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "749": { + CweID: "749", + Name: "危険なメソッドや機能の公開(CWE-749)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "434": { + CweID: "434", + Name: "危険なタイプのファイルの無制限アップロード(CWE-434)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "915": { + CweID: "915", + Name: "動的に決定されたオブジェクト属性の不適切に制御された変更(CWE-915)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "913": { + CweID: "913", + Name: "動的に操作されるコードリソースの不適切な制御(CWE-913)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "279": { + CweID: "279", + Name: "割り当てられたパーミッションの不適切な実行(CWE-279)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "273": { + CweID: "273", + Name: "削除された特権に対する不適切なチェック(CWE-273)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "770": { + CweID: "770", + Name: "制限またはスロットリング無しのリソースの割り当て(CWE-770)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "774": { + CweID: "774", + Name: "制限またはスロットリング無しのファイル記述子またはハンドルの割り当て(CWE-774)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "427": { + CweID: "427", + Name: "制御されていない検索パスの要素(CWE-427)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "617": { + CweID: "617", + Name: "到達可能なアサーション(CWE-617)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "610": { + CweID: "610", + Name: "別領域リソースに対する外部からの制御可能な参照(CWE-610)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "908": { + CweID: "908", + Name: "初期化されていないリソースの使用(CWE-908)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "1187": { + CweID: "1187", + Name: "初期化されていないリソースの使用(CWE-1187)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "824": { + CweID: "824", + Name: "初期化されていないポインタのアクセス(CWE-824)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "838": { + CweID: "838", + Name: "出力コンテキストの不適切なエンコード(CWE-838)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "115": { + CweID: "115", + Name: "入力の誤った解釈(CWE-115)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "1286": { + CweID: "1286", + Name: "入力の構文的正当性の不適切な検証(CWE-1286)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "349": { + CweID: "349", + Name: "信頼できるデータ受け入れ時の信頼できない無関係なデータの受け入れ(CWE-349)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "426": { + CweID: "426", + Name: "信頼できない検索パス(CWE-426)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "829": { + CweID: "829", + Name: "信頼できない制御領域からの機能の組み込み(CWE-829)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "822": { + CweID: "822", + Name: "信頼できないポインタデリファレンス(CWE-822)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "502": { + CweID: "502", + Name: "信頼できないデータのデシリアライゼーション(CWE-502)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "693": { + CweID: "693", + Name: "保護メカニズムの不具合(CWE-693)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "212": { + CweID: "212", + Name: "保存または転送前の重要な情報の不適切な削除(CWE-212)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "703": { + CweID: "703", + Name: "例外的な状況に対する不適切なチェックまたは処理(CWE-703)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "755": { + CweID: "755", + Name: "例外的な状態における不適切な処理(CWE-755)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "754": { + CweID: "754", + Name: "例外的な状態における不適切なチェック(CWE-754)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "123": { + CweID: "123", + Name: "任意の場所に任意の値を書き込み可能な状態(CWE-123)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "288": { + CweID: "288", + Name: "代替パスまたはチャネルを使用した認証回避(CWE-288)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "87": { + CweID: "87", + Name: "代替 XSS 構文の不適切な無効化(CWE-87)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "415": { + CweID: "415", + Name: "二重解放(CWE-415)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "760": { + CweID: "760", + Name: "予測可能な Salt の一方向ハッシュの使用(CWE-760)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "300": { + CweID: "300", + Name: "中間者の問題(CWE-300)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "358": { + CweID: "358", + Name: "不適切に実装されたセキュリティチェック(CWE-358)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "805": { + CweID: "805", + Name: "不適切な長さの値によるバッファへのアクセス(CWE-805)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "287": { + CweID: "287", + Name: "不適切な認証(CWE-287)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "285": { + CweID: "285", + Name: "不適切な認可(CWE-285)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "707": { + CweID: "707", + Name: "不適切な無害化(CWE-707)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "697": { + CweID: "697", + Name: "不適切な比較(CWE-697)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "266": { + CweID: "266", + Name: "不適切な権限設定(CWE-266)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "269": { + CweID: "269", + Name: "不適切な権限管理(CWE-269)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "79": { + CweID: "79", + Name: "クロスサイトスクリプティング(CWE-79)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "80": { + CweID: "80", + Name: "クロスサイトスクリプティング (Basic XSS)(CWE-80)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "171": { + CweID: "171", + Name: "クレンジング、正規化、および比較エラー(CWE-171)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "470": { + CweID: "470", + Name: "クラスまたはコードを選択する外部から制御された入力の使用(CWE-470)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "603": { + CweID: "603", + Name: "クライアント側認証の使用(CWE-603)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "248": { + CweID: "248", + Name: "キャッチされない例外(CWE-248)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "601": { + CweID: "601", + Name: "オープンリダイレクト(CWE-601)", Description: "", ExtendedDescription: "", Lang: "ja", @@ -569,6 +1010,188 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, + "322": { + CweID: "322", + Name: "エンティティ認証のない鍵交換(CWE-322)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "172": { + CweID: "172", + Name: "エンコーディングエラー(CWE-172)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "388": { + CweID: "388", + Name: "エラー処理(CWE-388)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "209": { + CweID: "209", + Name: "エラーメッセージによる情報漏えい(CWE-209)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "150": { + CweID: "150", + Name: "エスケープ、メタ、またはコントロールシーケンスの不適切な無効化(CWE-150)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "118": { + CweID: "118", + Name: "インデックス化が可能なリソースの不適切なアクセス (範囲エラー)(CWE-118)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "74": { + CweID: "74", + Name: "インジェクション(CWE-74)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "407": { + CweID: "407", + Name: "アルゴリズムの複雑性(CWE-407)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "757": { + CweID: "757", + Name: "アルゴリズムのダウングレード(CWE-757)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "489": { + CweID: "489", + Name: "アクティブ状態のデバッグコード(CWE-489)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "921": { + CweID: "921", + Name: "アクセス制御のないメカニズムでの重要データの保存(CWE-921)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "Other": { + CweID: "Other", + Name: "その他(CWE-Other)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "643": { + CweID: "643", + Name: "Xpath インジェクション(CWE-643)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "112": { + CweID: "112", + Name: "XML 検証の欠如(CWE-112)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "611": { + CweID: "611", + Name: "XML 外部エンティティ参照の不適切な制限(CWE-611)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "61": { + CweID: "61", + Name: "UNIX Symbolic Link のフォロー(CWE-61)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "367": { + CweID: "367", + Name: "Time-of-check Time-of-use (TOCTOU) 競合状態(CWE-367)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "759": { + CweID: "759", + Name: "Salt を使用しない一方向ハッシュの使用(CWE-759)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "89": { + CweID: "89", + Name: "SQLインジェクション(CWE-89)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "332": { + CweID: "332", + Name: "PRNG における不十分なエントロピー(CWE-332)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "335": { + CweID: "335", + Name: "PRNG におけるシードの不正な使用(CWE-335)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "98": { + CweID: "98", + Name: "PHP リモートファイルインクルージョン(CWE-98)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "78": { + CweID: "78", + Name: "OSコマンドインジェクション(CWE-78)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "476": { + CweID: "476", + Name: "NULL ポインタデリファレンス(CWE-476)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "158": { + CweID: "158", + Name: "NULL バイトまたは NULL キャラクタの不適切な無害化(CWE-158)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, + "90": { + CweID: "90", + Name: "LDAP インジェクション(CWE-90)", + Description: "", + ExtendedDescription: "", + Lang: "ja", + }, "113": { CweID: "113", Name: "HTTP レスポンスの分割(CWE-113)", @@ -583,289 +1206,9 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, - "757": { - CweID: "757", - Name: "アルゴリズムのダウングレード(CWE-757)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "120": { - CweID: "120", - Name: "古典的バッファオーバーフロー(CWE-120)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "257": { - CweID: "257", - Name: "復元可能な形式でのパスワード保存(CWE-257)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "451": { - CweID: "451", - Name: "ユーザインターフェースにおける重要情報の誤った表示(CWE-451)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "775": { - CweID: "775", - Name: "有効期限後のファイル記述子またはハンドルの解放の欠如(CWE-775)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "332": { - CweID: "332", - Name: "PRNG における不十分なエントロピー(CWE-332)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "749": { - CweID: "749", - Name: "危険なメソッドや機能の公開(CWE-749)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "590": { - CweID: "590", - Name: "ヒープ領域の不適切な解放(CWE-590)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "290": { - CweID: "290", - Name: "スプーフィングによる認証回避(CWE-290)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "843": { - CweID: "843", - Name: "型の取り違え(CWE-843)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "417": { - CweID: "417", - Name: "チャネルおよびパスのエラー(CWE-417)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "410": { - CweID: "410", - Name: "不十分なリソースプール(CWE-410)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "18": { - CweID: "18", - Name: "ソースコード(CWE-18)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "605": { - CweID: "605", - Name: "同一ポートに複数のソケットをバインドする問題(CWE-605)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "682": { - CweID: "682", - Name: "計算の誤り(CWE-682)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "17": { - CweID: "17", - Name: "コード(CWE-17)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "338": { - CweID: "338", - Name: "暗号における脆弱な PRNG の使用(CWE-338)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "358": { - CweID: "358", - Name: "不適切に実装されたセキュリティチェック(CWE-358)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "674": { - CweID: "674", - Name: "不適切な再帰制御(CWE-674)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "412": { - CweID: "412", - Name: "外部からの操作の制限不備(CWE-412)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "378": { - CweID: "378", - Name: "不適切なアクセスパーミションでの一時ファイル作成(CWE-378)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "379": { - CweID: "379", - Name: "不適切なアクセスパーミションのディレクトリに一時ファイル作成(CWE-379)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "302": { - CweID: "302", - Name: "認証回避の脆弱性(CWE-302)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "75": { - CweID: "75", - Name: "特殊要素の不適切なサニタイジング(CWE-75)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "116": { - CweID: "116", - Name: "不適切なエンコード、または出力のエスケープ(CWE-116)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "346": { - CweID: "346", - Name: "同一生成元ポリシー違反(CWE-346)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "521": { - CweID: "521", - Name: "脆弱なパスワードの要求(CWE-521)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "664": { - CweID: "664", - Name: "ライフタイムを通してのリソースの不適切な制御(CWE-664)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "80": { - CweID: "80", - Name: "クロスサイトスクリプティング (Basic XSS)(CWE-80)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "204": { - CweID: "204", - Name: "リクエストに対するレスポンス内容の違いに起因する情報漏えい(CWE-204)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "199": { - CweID: "199", - Name: "情報管理の問題(CWE-199)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "88": { - CweID: "88", - Name: "引数の挿入または変更(CWE-88)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "407": { - CweID: "407", - Name: "アルゴリズムの複雑性(CWE-407)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "913": { - CweID: "913", - Name: "動的に操作されるコードリソースの不適切な制御(CWE-913)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "118": { - CweID: "118", - Name: "インデックス化が可能なリソースの不適切なアクセス (範囲エラー)(CWE-118)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "427": { - CweID: "427", - Name: "制御されていない検索パスの要素(CWE-427)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "485": { - CweID: "485", - Name: "不十分なカプセル化(CWE-485)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "494": { - CweID: "494", - Name: "ダウンロードしたコードの完全性検証不備(CWE-494)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "639": { - CweID: "639", - Name: "ユーザ制御の鍵による認証回避(CWE-639)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "99": { - CweID: "99", - Name: "リソースの挿入(CWE-99)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "276": { - CweID: "276", - Name: "不適切なデフォルトパーミッション(CWE-276)", + "644": { + CweID: "644", + Name: "HTTP ヘッダのスクリプト構文の不適切な無効化(CWE-644)", Description: "", ExtendedDescription: "", Lang: "ja", @@ -877,135 +1220,37 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, - "260": { - CweID: "260", - Name: "設定ファイル内のパスワード(CWE-260)", + "776": { + CweID: "776", + Name: "DTD の再帰的なエンティティ参照の不適切な制限(CWE-776)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "836": { - CweID: "836", - Name: "パスワードの代わりにパスワードハッシュを使用する認証(CWE-836)", + "294": { + CweID: "294", + Name: "Capture-replay による認証回避(CWE-294)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "943": { - CweID: "943", - Name: "データクエリロジックの特殊要素の不適切な中立化(CWE-943)", + "nocwe": { + CweID: "nocwe", + Name: "CWE以外(CWE-nocwe)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "665": { - CweID: "665", - Name: "不適切な初期化(CWE-665)", + "1236": { + CweID: "1236", + Name: "CSV ファイル内の数式要素の不適切な中和(CWE-1236)", Description: "", ExtendedDescription: "", Lang: "ja", }, - "769": { - CweID: "769", - Name: "ファイル記述子の枯渇(CWE-769)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "522": { - CweID: "522", - Name: "認証情報の不十分な保護(CWE-522)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "693": { - CweID: "693", - Name: "保護メカニズムの不具合(CWE-693)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "538": { - CweID: "538", - Name: "ファイルおよびディレクトリ情報の漏えい(CWE-538)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "863": { - CweID: "863", - Name: "不正な認証(CWE-863)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "862": { - CweID: "862", - Name: "認証の欠如(CWE-862)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "321": { - CweID: "321", - Name: "ハードコードされた暗号鍵の使用(CWE-321)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "1": { - CweID: "1", - Name: "ロケーション(CWE-1)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "354": { - CweID: "354", - Name: "データの整合性検証不備(CWE-354)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "552": { - CweID: "552", - Name: "外部からアクセス可能なファイルまたはディレクトリ(CWE-552)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "297": { - CweID: "297", - Name: "ホストの不一致による証明書の不適切な検証(CWE-297)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "150": { - CweID: "150", - Name: "エスケープ、メタ、またはコントロールシーケンスの不適切な無効化(CWE-150)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "371": { - CweID: "371", - Name: "状態の問題(CWE-371)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "203": { - CweID: "203", - Name: "セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい(CWE-203)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, - "208": { - CweID: "208", - Name: "タイミングの違いに起因する情報漏えい(CWE-208)", + "93": { + CweID: "93", + Name: "CRLF インジェクション(CWE-93)", Description: "", ExtendedDescription: "", Lang: "ja", @@ -1017,11 +1262,4 @@ var CweDictJa = map[string]Cwe{ ExtendedDescription: "", Lang: "ja", }, - "21": { - CweID: "21", - Name: "パス名トラバーサルおよび同値エラー(CWE-21)", - Description: "", - ExtendedDescription: "", - Lang: "ja", - }, } diff --git a/cwe/owasp.go b/cwe/owasp.go index 3f3466da..35d50563 100644 --- a/cwe/owasp.go +++ b/cwe/owasp.go @@ -1,7 +1,12 @@ package cwe -// OwaspTopTen2017 has CWE-ID in OWSP Top 10 -var OwaspTopTen2017 = map[string]string{ +// OwaspTopTens has CWE-ID in OWASP Top 10 +var OwaspTopTens = map[string]map[string]string{ + "2017": owaspTopTen2017, + "2021": owaspTopTen2021, +} + +var owaspTopTen2017 = map[string]string{ "77": "1", "89": "1", "564": "1", @@ -36,30 +41,265 @@ var OwaspTopTen2017 = map[string]string{ "778": "10", } -// OwaspTopTen2017GitHubURLEn has GitHub links -var OwaspTopTen2017GitHubURLEn = map[string]string{ - "1": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa1-injection.md", - "2": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa2-broken-authentication.md", - "3": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa3-sensitive-data-disclosure.md", - "4": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md", - "5": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa5-broken-access-control.md", - "6": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa6-security-misconfiguration.md", - "7": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa7-xss.md", - "8": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa8-insecure-deserialization.md", - "9": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa9-known-vulns.md", - "10": "https://github.com/OWASP/Top10/blob/master/2017/en/0xaa-logging-detection-response.md", +var owaspTopTen2021 = map[string]string{ + "22": "1", + "23": "1", + "35": "1", + "59": "1", + "200": "1", + "201": "1", + "219": "1", + "264": "1", + "275": "1", + "276": "1", + "284": "1", + "285": "1", + "352": "1", + "359": "1", + "377": "1", + "402": "1", + "425": "1", + "441": "1", + "497": "1", + "538": "1", + "540": "1", + "552": "1", + "566": "1", + "601": "1", + "639": "1", + "651": "1", + "668": "1", + "706": "1", + "862": "1", + "863": "1", + "913": "1", + "922": "1", + "1275": "1", + + "261": "2", + "296": "2", + "310": "2", + "319": "2", + "321": "2", + "322": "2", + "323": "2", + "324": "2", + "325": "2", + "326": "2", + "327": "2", + "328": "2", + "329": "2", + "330": "2", + "331": "2", + "335": "2", + "336": "2", + "337": "2", + "338": "2", + "340": "2", + "347": "2", + "523": "2", + "720": "2", + "757": "2", + "759": "2", + "760": "2", + "780": "2", + "818": "2", + "916": "2", + + "20": "3", + "74": "3", + "75": "3", + "77": "3", + "78": "3", + "79": "3", + "80": "3", + "83": "3", + "87": "3", + "88": "3", + "89": "3", + "90": "3", + "91": "3", + "93": "3", + "94": "3", + "95": "3", + "96": "3", + "97": "3", + "98": "3", + "99": "3", + "100": "3", + "113": "3", + "116": "3", + "138": "3", + "184": "3", + "470": "3", + "471": "3", + "564": "3", + "610": "3", + "643": "3", + "644": "3", + "652": "3", + "917": "3", + + "73": "4", + "183": "4", + "209": "4", + "213": "4", + "235": "4", + "256": "4", + "257": "4", + "266": "4", + "269": "4", + "280": "4", + "311": "4", + "312": "4", + "313": "4", + "316": "4", + "419": "4", + "430": "4", + "434": "4", + "444": "4", + "451": "4", + "472": "4", + "501": "4", + "522": "4", + "525": "4", + "539": "4", + "579": "4", + "598": "4", + "602": "4", + "642": "4", + "646": "4", + "650": "4", + "653": "4", + "656": "4", + "657": "4", + "799": "4", + "807": "4", + "840": "4", + "841": "4", + "927": "4", + "1021": "4", + "1173": "4", + + "2": "5", + "11": "5", + "13": "5", + "15": "5", + "16": "5", + "260": "5", + "315": "5", + "520": "5", + "526": "5", + "537": "5", + "541": "5", + "547": "5", + "611": "5", + "614": "5", + "756": "5", + "776": "5", + "942": "5", + "1004": "5", + "1032": "5", + "1174": "5", + + "937": "6", + "1035": "6", + "1104": "6", + + "255": "7", + "259": "7", + "287": "7", + "288": "7", + "290": "7", + "294": "7", + "295": "7", + "297": "7", + "300": "7", + "302": "7", + "304": "7", + "306": "7", + "307": "7", + "346": "7", + "384": "7", + "521": "7", + "613": "7", + "620": "7", + "640": "7", + "798": "7", + "940": "7", + "1216": "7", + + "345": "8", + "353": "8", + "426": "8", + "494": "8", + "502": "8", + "565": "8", + "784": "8", + "829": "8", + "830": "8", + "915": "8", + + "117": "9", + "223": "9", + "532": "9", + "778": "9", + + "918": "10", } -// OwaspTopTen2017GitHubURLJa has GitHub links -var OwaspTopTen2017GitHubURLJa = map[string]string{ - "1": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa1-injection.md", - "2": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa2-broken-authentication.md", - "3": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa3-sensitive-data-disclosure.md", - "4": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa4-xxe.md", - "5": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa5-broken-access-control.md", - "6": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa6-security-misconfiguration.md", - "7": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa7-xss.md", - "8": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa8-insecure-deserialization.md", - "9": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa9-known-vulns.md", - "10": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xaa-logging-detection-response.md", +// OwaspTopTenURLsEn has GitHub links +var OwaspTopTenURLsEn = map[string]map[string]string{ + "2017": { + "1": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa1-injection.md", + "2": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa2-broken-authentication.md", + "3": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa3-sensitive-data-disclosure.md", + "4": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md", + "5": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa5-broken-access-control.md", + "6": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa6-security-misconfiguration.md", + "7": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa7-xss.md", + "8": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa8-insecure-deserialization.md", + "9": "https://github.com/OWASP/Top10/blob/master/2017/en/0xa9-known-vulns.md", + "10": "https://github.com/OWASP/Top10/blob/master/2017/en/0xaa-logging-detection-response.md", + }, + "2021": { + "1": "https://github.com/OWASP/Top10/blob/master/2021/docs/A01_2021-Broken_Access_Control.md", + "2": "https://github.com/OWASP/Top10/blob/master/2021/docs/A02_2021-Cryptographic_Failures.md", + "3": "https://github.com/OWASP/Top10/blob/master/2021/docs/A03_2021-Injection.md", + "4": "https://github.com/OWASP/Top10/blob/master/2021/docs/A04_2021-Insecure_Design.md", + "5": "https://github.com/OWASP/Top10/blob/master/2021/docs/A05_2021-Security_Misconfiguration.md", + "6": "https://github.com/OWASP/Top10/blob/master/2021/docs/A06_2021-Vulnerable_and_Outdated_Components.md", + "7": "https://github.com/OWASP/Top10/blob/master/2021/docs/A07_2021-Identification_and_Authentication_Failures.md", + "8": "https://github.com/OWASP/Top10/blob/master/2021/docs/A08_2021-Software_and_Data_Integrity_Failures.md", + "9": "https://github.com/OWASP/Top10/blob/master/2021/docs/A09_2021-Security_Logging_and_Monitoring_Failures.md", + "10": "https://github.com/OWASP/Top10/blob/master/2021/docs/A10_2021-Server-Side_Request_Forgery_(SSRF).md", + }, +} + +// OwaspTopTenURLsJa has GitHub links +var OwaspTopTenURLsJa = map[string]map[string]string{ + "2017": { + "1": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa1-injection.md", + "2": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa2-broken-authentication.md", + "3": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa3-sensitive-data-disclosure.md", + "4": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa4-xxe.md", + "5": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa5-broken-access-control.md", + "6": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa6-security-misconfiguration.md", + "7": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa7-xss.md", + "8": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa8-insecure-deserialization.md", + "9": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa9-known-vulns.md", + "10": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xaa-logging-detection-response.md", + }, + "2021": { + "1": "https://github.com/OWASP/Top10/blob/master/2021/docs/A01_2021-Broken_Access_Control.ja.md", + "2": "https://github.com/OWASP/Top10/blob/master/2021/docs/A02_2021-Cryptographic_Failures.ja.md", + "3": "https://github.com/OWASP/Top10/blob/master/2021/docs/A03_2021-Injection.ja.md", + "4": "https://github.com/OWASP/Top10/blob/master/2021/docs/A04_2021-Insecure_Design.ja.md", + "5": "https://github.com/OWASP/Top10/blob/master/2021/docs/A05_2021-Security_Misconfiguration.ja.md", + "6": "https://github.com/OWASP/Top10/blob/master/2021/docs/A06_2021-Vulnerable_and_Outdated_Components.ja.md", + "7": "https://github.com/OWASP/Top10/blob/master/2021/docs/A07_2021-Identification_and_Authentication_Failures.ja.md", + "8": "https://github.com/OWASP/Top10/blob/master/2021/docs/A08_2021-Software_and_Data_Integrity_Failures.ja.md", + "9": "https://github.com/OWASP/Top10/blob/master/2021/docs/A09_2021-Security_Logging_and_Monitoring_Failures.ja.md", + "10": "https://github.com/OWASP/Top10/blob/master/2021/docs/A10_2021-Server-Side_Request_Forgery_(SSRF).ja.md", + }, } diff --git a/cwe/sans.go b/cwe/sans.go index 01bbfefd..a6877cf8 100644 --- a/cwe/sans.go +++ b/cwe/sans.go @@ -1,7 +1,41 @@ package cwe -// SansTopTwentyfive has CWE-ID in CWE/SANS Top 25 -var SansTopTwentyfive = map[string]string{ +// SansTopTwentyfives has CWE-ID in CWE/SANS Top 25 +var SansTopTwentyfives = map[string]map[string]string{ + "2010": sansTopTwentyfive2010, + "2011": sansTopTwentyfive2011, + "latest": sansTopTwentyfiveLatest, +} + +var sansTopTwentyfive2010 = map[string]string{ + "79": "1", + "89": "2", + "120": "3", + "352": "4", + "285": "5", + "807": "6", + "22": "7", + "434": "8", + "78": "9", + "311": "10", + "798": "11", + "805": "12", + "98": "13", + "129": "14", + "754": "15", + "209": "16", + "190": "17", + "131": "18", + "306": "19", + "494": "20", + "732": "21", + "770": "22", + "601": "23", + "327": "24", + "362": "25", +} + +var sansTopTwentyfive2011 = map[string]string{ "89": "1", "78": "2", "120": "3", @@ -29,5 +63,37 @@ var SansTopTwentyfive = map[string]string{ "759": "25", } -// SansTopTwentyfiveURL is a URL of sans 25 -var SansTopTwentyfiveURL = "https://www.sans.org/top25-software-errors/" +var sansTopTwentyfiveLatest = map[string]string{ + "119": "1", + "79": "2", + "20": "3", + "200": "4", + "125": "5", + "89": "6", + "416": "7", + "190": "8", + "352": "9", + "22": "10", + "78": "11", + "787": "12", + "287": "13", + "476": "14", + "732": "15", + "434": "16", + "611": "17", + "94": "18", + "798": "19", + "400": "20", + "772": "21", + "426": "22", + "502": "23", + "269": "24", + "295": "25", +} + +// SansTopTwentyfiveURLs has CWE/SANS Top25 links +var SansTopTwentyfiveURLs = map[string]string{ + "2010": "https://cwe.mitre.org/top25/archive/2010/2010_cwe_sans_top25.html", + "2011": "https://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.html", + "latest": "https://www.sans.org/top25-software-errors/", +} diff --git a/detector/detector.go b/detector/detector.go index 0ceda39c..6717e1f1 100644 --- a/detector/detector.go +++ b/detector/detector.go @@ -567,17 +567,13 @@ func FillCweDict(r *models.ScanResult) { dict := map[string]models.CweDictEntry{} for id := range uniqCweIDMap { - entry := models.CweDictEntry{} + entry := models.CweDictEntry{ + OwaspTopTens: map[string]string{}, + CweTopTwentyfives: map[string]string{}, + SansTopTwentyfives: map[string]string{}, + } if e, ok := cwe.CweDictEn[id]; ok { - if rank, ok := cwe.OwaspTopTen2017[id]; ok { - entry.OwaspTopTen2017 = rank - } - if rank, ok := cwe.CweTopTwentyfive2019[id]; ok { - entry.CweTopTwentyfive2019 = rank - } - if rank, ok := cwe.SansTopTwentyfive[id]; ok { - entry.SansTopTwentyfive = rank - } + fillCweRank(&entry, id) entry.En = &e } else { logging.Log.Debugf("CWE-ID %s is not found in English CWE Dict", id) @@ -586,23 +582,34 @@ func FillCweDict(r *models.ScanResult) { if r.Lang == "ja" { if e, ok := cwe.CweDictJa[id]; ok { - if rank, ok := cwe.OwaspTopTen2017[id]; ok { - entry.OwaspTopTen2017 = rank - } - if rank, ok := cwe.CweTopTwentyfive2019[id]; ok { - entry.CweTopTwentyfive2019 = rank - } - if rank, ok := cwe.SansTopTwentyfive[id]; ok { - entry.SansTopTwentyfive = rank - } + fillCweRank(&entry, id) entry.Ja = &e } else { logging.Log.Debugf("CWE-ID %s is not found in Japanese CWE Dict", id) entry.Ja = &cwe.Cwe{CweID: id} } } + dict[id] = entry } r.CweDict = dict return } + +func fillCweRank(entry *models.CweDictEntry, id string) { + for year, ranks := range cwe.OwaspTopTens { + if rank, ok := ranks[id]; ok { + entry.OwaspTopTens[year] = rank + } + } + for year, ranks := range cwe.CweTopTwentyfives { + if rank, ok := ranks[id]; ok { + entry.CweTopTwentyfives[year] = rank + } + } + for year, ranks := range cwe.SansTopTwentyfives { + if rank, ok := ranks[id]; ok { + entry.SansTopTwentyfives[year] = rank + } + } +} diff --git a/models/scanresults.go b/models/scanresults.go index 8b657318..e0e7a818 100644 --- a/models/scanresults.go +++ b/models/scanresults.go @@ -436,23 +436,23 @@ func (r *ScanResult) SortForJSONOutput() { // CweDict is a dictionary for CWE type CweDict map[string]CweDictEntry +// AttentionCWE has OWASP TOP10, CWE TOP25, CWE/SANS TOP25 rank and url +type AttentionCWE struct { + Rank string + URL string +} + // Get the name, url, top10URL for the specified cweID, lang -func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL string) { +func (c CweDict) Get(cweID, lang string) (name, url string, owasp, cwe25, sans map[string]AttentionCWE) { cweNum := strings.TrimPrefix(cweID, "CWE-") + dict, ok := c[cweNum] + if !ok { + return + } + + owasp, cwe25, sans = fillAttentionCwe(dict, lang) switch lang { case "ja": - if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" { - top10Rank = dict.OwaspTopTen2017 - top10URL = cwe.OwaspTopTen2017GitHubURLJa[dict.OwaspTopTen2017] - } - if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" { - cweTop25Rank = dict.CweTopTwentyfive2019 - cweTop25URL = cwe.CweTopTwentyfive2019URL - } - if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" { - sansTop25Rank = dict.SansTopTwentyfive - sansTop25URL = cwe.SansTopTwentyfiveURL - } if dict, ok := cwe.CweDictJa[cweNum]; ok { name = dict.Name url = fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID) @@ -463,18 +463,6 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID) } default: - if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" { - top10Rank = dict.OwaspTopTen2017 - top10URL = cwe.OwaspTopTen2017GitHubURLEn[dict.OwaspTopTen2017] - } - if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" { - cweTop25Rank = dict.CweTopTwentyfive2019 - cweTop25URL = cwe.CweTopTwentyfive2019URL - } - if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" { - sansTop25Rank = dict.SansTopTwentyfive - sansTop25URL = cwe.SansTopTwentyfiveURL - } url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID) if dict, ok := cwe.CweDictEn[cweNum]; ok { name = dict.Name @@ -483,11 +471,47 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop return } +func fillAttentionCwe(dict CweDictEntry, lang string) (owasp, cwe25, sans map[string]AttentionCWE) { + owasp, cwe25, sans = map[string]AttentionCWE{}, map[string]AttentionCWE{}, map[string]AttentionCWE{} + switch lang { + case "ja": + for year, rank := range dict.OwaspTopTens { + owasp[year] = AttentionCWE{ + Rank: rank, + URL: cwe.OwaspTopTenURLsJa[year][rank], + } + } + default: + for year, rank := range dict.OwaspTopTens { + owasp[year] = AttentionCWE{ + Rank: rank, + URL: cwe.OwaspTopTenURLsEn[year][rank], + } + } + } + + for year, rank := range dict.CweTopTwentyfives { + cwe25[year] = AttentionCWE{ + Rank: rank, + URL: cwe.CweTopTwentyfiveURLs[year], + } + } + + for year, rank := range dict.SansTopTwentyfives { + sans[year] = AttentionCWE{ + Rank: rank, + URL: cwe.SansTopTwentyfiveURLs[year], + } + } + + return +} + // CweDictEntry is a entry of CWE type CweDictEntry struct { - En *cwe.Cwe `json:"en,omitempty"` - Ja *cwe.Cwe `json:"ja,omitempty"` - OwaspTopTen2017 string `json:"owaspTopTen2017"` - CweTopTwentyfive2019 string `json:"cweTopTwentyfive2019"` - SansTopTwentyfive string `json:"sansTopTwentyfive"` + En *cwe.Cwe `json:"en,omitempty"` + Ja *cwe.Cwe `json:"ja,omitempty"` + OwaspTopTens map[string]string `json:"owaspTopTens"` + CweTopTwentyfives map[string]string `json:"cweTopTwentyfives"` + SansTopTwentyfives map[string]string `json:"sansTopTwentyfives"` } diff --git a/reporter/slack.go b/reporter/slack.go index 3ee68d80..ee0842ad 100644 --- a/reporter/slack.go +++ b/reporter/slack.go @@ -326,23 +326,19 @@ func (w SlackWriter) attachmentText(vinfo models.VulnInfo, cweDict map[string]mo func (w SlackWriter) cweIDs(vinfo models.VulnInfo, osFamily string, cweDict models.CweDict) string { links := []string{} for _, c := range vinfo.CveContents.UniqCweIDs(osFamily) { - name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL := cweDict.Get(c.Value, w.lang) - line := "" - if top10Rank != "" { - line = fmt.Sprintf("<%s|[OWASP Top %s]>", - top10URL, top10Rank) + name, url, owasp, cwe25, sans := cweDict.Get(c.Value, w.lang) + line := fmt.Sprintf("<%s|%s>: %s", url, c.Value, name) + for year, info := range owasp { + links = append(links, fmt.Sprintf("<%s|[OWASP(%s) Top %s]> %s", info.URL, year, info.Rank, line)) } - if cweTop25Rank != "" { - line = fmt.Sprintf("<%s|[CWE Top %s]>", - cweTop25URL, cweTop25Rank) + for year, info := range cwe25 { + links = append(links, fmt.Sprintf("<%s|[CWE(%s) Top %s]> %s", info.URL, year, info.Rank, line)) } - if sansTop25Rank != "" { - line = fmt.Sprintf("<%s|[CWE/SANS Top %s]>", - sansTop25URL, sansTop25Rank) + for year, info := range sans { + links = append(links, fmt.Sprintf("<%s|[CWE/SANS(%s) Top %s]> %s", info.URL, year, info.Rank, line)) } - if top10Rank == "" && cweTop25Rank == "" && sansTop25Rank == "" { - links = append(links, fmt.Sprintf("%s <%s|%s>: %s", - line, url, c.Value, name)) + if len(owasp) == 0 && len(cwe25) == 0 && len(sans) == 0 { + links = append(links, line) } } return strings.Join(links, "\n") diff --git a/reporter/util.go b/reporter/util.go index b00685d6..05544c2e 100644 --- a/reporter/util.go +++ b/reporter/util.go @@ -19,6 +19,7 @@ import ( "github.com/future-architect/vuls/models" "github.com/gosuri/uitable" "github.com/olekukonko/tablewriter" + "golang.org/x/exp/slices" "golang.org/x/xerrors" ) @@ -432,31 +433,42 @@ No CVE-IDs are found in updatable packages. data = append(data, []string{"Confidence", confidence.String()}) } - cweURLs, top10URLs := []string{}, []string{} - cweTop25URLs, sansTop25URLs := []string{}, []string{} + cweURLs, top10URLs, cweTop25URLs, sansTop25URLs := []string{}, map[string][]string{}, map[string][]string{}, map[string][]string{} for _, v := range vuln.CveContents.UniqCweIDs(r.Family) { - name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL := r.CweDict.Get(v.Value, r.Lang) - if top10Rank != "" { - data = append(data, []string{"CWE", - fmt.Sprintf("[OWASP Top%s] %s: %s (%s)", - top10Rank, v.Value, name, v.Type)}) - top10URLs = append(top10URLs, top10URL) + name, url, owasp, cwe25, sans := r.CweDict.Get(v.Value, r.Lang) + + ds := [][]string{} + for year, info := range owasp { + ds = append(ds, []string{"CWE", fmt.Sprintf("[OWASP(%s) Top%s] %s: %s (%s)", year, info.Rank, v.Value, name, v.Type)}) + top10URLs[year] = append(top10URLs[year], info.URL) } - if cweTop25Rank != "" { - data = append(data, []string{"CWE", - fmt.Sprintf("[CWE Top%s] %s: %s (%s)", - cweTop25Rank, v.Value, name, v.Type)}) - cweTop25URLs = append(cweTop25URLs, cweTop25URL) + slices.SortFunc(ds, func(a, b []string) bool { + return a[1] < b[1] + }) + data = append(data, ds...) + + ds = [][]string{} + for year, info := range cwe25 { + ds = append(ds, []string{"CWE", fmt.Sprintf("[CWE(%s) Top%s] %s: %s (%s)", year, info.Rank, v.Value, name, v.Type)}) + cweTop25URLs[year] = append(cweTop25URLs[year], info.URL) } - if sansTop25Rank != "" { - data = append(data, []string{"CWE", - fmt.Sprintf("[CWE/SANS Top%s] %s: %s (%s)", - sansTop25Rank, v.Value, name, v.Type)}) - sansTop25URLs = append(sansTop25URLs, sansTop25URL) + slices.SortFunc(ds, func(a, b []string) bool { + return a[1] < b[1] + }) + data = append(data, ds...) + + ds = [][]string{} + for year, info := range sans { + ds = append(ds, []string{"CWE", fmt.Sprintf("[CWE/SANS(%s) Top%s] %s: %s (%s)", year, info.Rank, v.Value, name, v.Type)}) + sansTop25URLs[year] = append(sansTop25URLs[year], info.URL) } - if top10Rank == "" && cweTop25Rank == "" && sansTop25Rank == "" { - data = append(data, []string{"CWE", fmt.Sprintf("%s: %s (%s)", - v.Value, name, v.Type)}) + slices.SortFunc(ds, func(a, b []string) bool { + return a[1] < b[1] + }) + data = append(data, ds...) + + if len(owasp) == 0 && len(cwe25) == 0 && len(sans) == 0 { + data = append(data, []string{"CWE", fmt.Sprintf("%s: %s (%s)", v.Value, name, v.Type)}) } cweURLs = append(cweURLs, url) } @@ -474,15 +486,34 @@ No CVE-IDs are found in updatable packages. m[exploit.URL] = struct{}{} } - for _, url := range top10URLs { - data = append(data, []string{"OWASP Top10", url}) + for year, urls := range top10URLs { + ds := [][]string{} + for _, url := range urls { + ds = append(ds, []string{fmt.Sprintf("OWASP(%s) Top10", year), url}) + } + slices.SortFunc(ds, func(a, b []string) bool { + return a[0] < b[0] + }) + data = append(data, ds...) } - if len(cweTop25URLs) != 0 { - data = append(data, []string{"CWE Top25", cweTop25URLs[0]}) + + ds := [][]string{} + for year, urls := range cweTop25URLs { + ds = append(ds, []string{fmt.Sprintf("CWE(%s) Top25", year), urls[0]}) } - if len(sansTop25URLs) != 0 { - data = append(data, []string{"SANS/CWE Top25", sansTop25URLs[0]}) + slices.SortFunc(ds, func(a, b []string) bool { + return a[0] < b[0] + }) + data = append(data, ds...) + + ds = [][]string{} + for year, urls := range sansTop25URLs { + ds = append(ds, []string{fmt.Sprintf("SANS/CWE(%s) Top25", year), urls[0]}) } + slices.SortFunc(ds, func(a, b []string) bool { + return a[0] < b[0] + }) + data = append(data, ds...) for _, alert := range vuln.AlertDict.CISA { data = append(data, []string{"CISA Alert", alert.URL})